@inproceedings{251247089ebf4f0eac5d0428ffbead80,
title = "What can we learn from the analysis of information security policies? The case of UK{\textquoteright}s schools",
abstract = "Security standards consider that developing a security policy is a cornerstone in information security management. In practice, the development of a security policy is contextually dependent and there is no agreement on what organisations should include in their security policies. This paper argues that analysing information security policy documents could potentially provide new insights into existing issues with security practices. The paper explores and analyses the content and form of 100 UK schools{\textquoteright} information security policies to assess their scope and accessibility. The key findings show that the content varied widely between schools but tended to have a technical focus, many security policies had not been updated to address changes to work practices due to the Covid-19 situation and many policies have poor readability scores preventing readers from engaging with them.",
keywords = "Covid-19, information security, information security policy, ISO 27002, readability score, UK schools",
author = "Martin Sparrius and Moufida Sadok and Peter Bednar",
year = "2021",
month = jul,
day = "8",
doi = "10.1007/978-3-030-81111-2_7",
language = "English",
isbn = "9783030811105",
series = "IFIP Advances in Information and Communication Technology",
publisher = "Springer",
pages = "81--90",
editor = "Steven Furnell and Nathan Clarke",
booktitle = "Human Aspects of Information Security and Assurance - 15th IFIP WG 11.12 International Symposium, HAISA 2021, 2021, Proceedings",
note = "15th IFIP WG 11.12 International Symposium on Human Aspects of Information Security and Assurance, HAISA 2021 ; Conference date: 07-07-2021 Through 09-07-2021",
}