An Exploration of Information Security Practices within UK Primary, Secondary and Further Education Institutions

Student thesis: Doctoral Thesis

Abstract

Abstract
This thesis presents a novel exploration of the state of information security within the United Kingdom’s Primary, Secondary and Further education institutions. It builds upon the results and concerns raised by other researchers in both the education and wider information security sectors that these institutions are vulnerable to cyberattacks.
Drawing upon established socio-technical theory of the importance of considering how users interact with information security systems, it conducts both document analysis of 100 United Kingdom school information security policies and thematic analysis of 24 semi-structured interviews of United Kingdom teaching practitioners. The document analysis findings highlight that many of the policies had poor accessibility, lacked content related to the current threat landscape and did not seek to build a positive security culture. The thematic analysis reveals that the teaching practitioners perceived information security as a burden which prevented them from undertaking their core task of effective lesson delivery. Practitioners also believed that information security training was a poor use of their time and that their institutions did not seek to involve them in the creation of their information security systems.
Research within this thesis does, however, highlight examples of good practice in several policies and institutions. Possible methods are suggested to improve information security policy creation and how to involve teaching practitioners in the development of effective information security systems. This thesis posits that until these improvements are undertaken, poorly designed policies and a lack of practitioner involvement in the creation of their institution’s information security systems will continue to result in the United Kingdom’s Primary, Secondary and Further education institutions being vulnerable to cyberattacks.
Date of Award7 Jun 2024
Original languageEnglish
Awarding Institution
  • University of Portsmouth
SupervisorMoufida Sadok (Supervisor), Vasileios Karagiannopoulos (Supervisor) & Peter Bednar (Supervisor)

Cite this

'