Abstract | ||
---|---|---|
Effective information security extends beyond using software controls that are so prominently discussed in the popular and academic literature. There must also be management influence and control. The best way to control information security is through formal policy and measuring the effectiveness of existing policies. The purpose of this research is to determine 1) what security elements are embedded in Web-based information security policy statements and 2) what security-related keywords appear more frequently. The authors use these findings to propose a density measure (the extent to which each policy uses security keywords) as an indicator of policy strength. For these purposes, they examine the security component of privacy policies of Fortune 100 Web sites. The density measure may serve as a benchmark that can be used as a basis for comparison across companies and the development of industry norms. |
Year | DOI | Venue |
---|---|---|
2009 | 10.4018/jisp.2009040106 | INTERNATIONAL JOURNAL OF INFORMATION SECURITY AND PRIVACY |
Keywords | Field | DocType |
Benchmarking, Data Security, Data Protection, Privacy policy, Security policy | Security convergence,Internet privacy,Computer security,Information security standards,Computer science,Asset (computer security),Certified Information Security Manager,Security service,Information security management,Security information and event management,Computer security model | Journal |
Volume | Issue | ISSN |
3 | 2 | 1930-1650 |
Citations | PageRank | References |
0 | 0.34 | 2 |
Authors | ||
3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Kirk P. Arnett | 1 | 588 | 54.77 |
Gary F. Templeton | 2 | 257 | 15.75 |
David A. Vance | 3 | 2 | 0.72 |