Many articles within the literature point to the information security policy as one of the most important elements of an effective information security program. Even though this belief is continually referred to in many information security scholarly articles, very few research studies have been performed to corroborate this sentiment. Doherty and Fulford undertook two studies in 2003 and in 2005 respectively that sought to catalogue the impact of the information security policy on breaches at businesses in the United Kingdom. The pair went on to call for additional studies in differing industry segments.
This dissertation built upon Doherty and Fulford (2005). It sought to add to the body of knowledge by determining the statistical significance of the information security policy on breaches within Higher education. This research was able to corroborate the findings from Doherty and Fulford's original research. There were no observed statistically significant relationships between information security policies and the frequency and severity of information security breaches. This study also made novel contributions to the body of knowledge that included the analysis of the statistical relationships between information security awareness programs and information security breaches.
This effort also analyzed the statistical relationships between information security policy enforcement and breaches. The results of the analysis indicated no statistically significant relationships. Additionally, this research observed that while information security policies are heavily utilized by colleges and universities, security awareness training is not heavily employed by institutions of higher education. This research noted that many institutions reported not having consistent enforcement of information security policies.
The data observed during this research implies there is room for additional coverage of formal information security awareness programs and potentially a call to attempt alternative training methods to achieve a reduction of the occurrences and impact of security breaches. There is room for greater adoption of consistent enforcement of policy at higher education organizations. The results of this dissertation suggest that the existence of policy, training, and enforcement activities in and of themselves are not enough to sufficiently curtail breaches. Additional studies should be performed to better understand how breaches can be reduced.
| Identifer | oai:union.ndltd.org:nova.edu/oai:nsuworks.nova.edu:gscis_etd-1330 |
| Date | 01 January 2013 |
| Creators | Waddell, Stanie Adolphus |
| Publisher | NSUWorks |
| Source Sets | Nova Southeastern University |
| Detected Language | English |
| Type | text |
| Format | application/pdf |
| Source | CEC Theses and Dissertations |
Page generated in 0.0054 seconds