{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,6]],"date-time":"2026-01-06T02:19:55Z","timestamp":1767665995652,"version":"3.41.2"},"reference-count":22,"publisher":"Emerald","issue":"3","license":[{"start":{"date-parts":[[2003,8,1]],"date-time":"2003-08-01T00:00:00Z","timestamp":1059696000000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2003,8,1]]},"abstract":"Despite its widely acknowledged importance, the information security policy has not, to date, been the subject of explicit, empirical scrutiny, in the academic literature. To help fill this gap an exploratory research project was initiated that sought to investigate the uptake, content, dissemination and impact of information security policies. To this end, a questionnaire was mailed to senior IS executives, in large UK\u2010based organizations, and 208 valid responses were received. The results of this research have indicated that, while policies are now fairly common, at least amongst the sample, there is still a high degree of variety in terms of their content and dissemination.<\/jats:p>","DOI":"10.1108\/09685220310480381","type":"journal-article","created":{"date-parts":[[2003,7,14]],"date-time":"2003-07-14T20:14:02Z","timestamp":1058213642000},"page":"106-114","source":"Crossref","is-referenced-by-count":48,"title":["The application of information security policies in large UK\u2010based organizations: an exploratory investigation"],"prefix":"10.1108","volume":"11","author":[{"given":"Heather","family":"Fulford","sequence":"first","affiliation":[]},{"given":"Neil F.","family":"Doherty","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022021120051486800_B1","unstructured":"Andersen, I.T. (2001), \u201cSicherheit in Europa\u201d, Studie 2001, Status Quo, Trends, Perspektiven, Studie 2001, Andersen, Dusseldorf."},{"key":"key2022021120051486800_B2","doi-asserted-by":"crossref","unstructured":"Angell, I.O. (1996), \u201cEconomic crime: beyond good and evil\u201d, Journal of Financial Regulation & Compliance, Vol. 4 No. 1.","DOI":"10.1108\/eb024863"},{"key":"key2022021120051486800_B3","unstructured":"Arnott, S. (2002), \u201cStrategy paper\u201d, Computing, Vol. 16, 28 February."},{"key":"key2022021120051486800_B4","doi-asserted-by":"crossref","unstructured":"Barnard, L. and von Solms, R. (1998), \u201cThe evaluation and certification of information security against BS 7799\u201d, Information Management & Computer Security, Vol. 6 No. 2, pp. 72\u20107.","DOI":"10.1108\/09685229810209397"},{"key":"key2022021120051486800_B5","unstructured":"British Standards Institute (BSI) (1999), Information Security Management \u2013 BS 7799\u20101:1999, BSI, London."},{"key":"key2022021120051486800_B6","unstructured":"Churchill, G.A. Jr (1997), Marketing Research, Methodological Foundations, The Dryden Press, Hinsdale, IL."},{"key":"key2022021120051486800_B7","unstructured":"Department of Trade and Industry (DTI) (2000), Information Security Breaches Survey 2000, Technical Report, April, DTI, London."},{"key":"key2022021120051486800_B8","unstructured":"Department of Trade and Industry (DTI) (2002), Information Security Breaches Survey 2002, Technical Report, April, DTI, London."},{"key":"key2022021120051486800_B9","doi-asserted-by":"crossref","unstructured":"Dhillon, G. and Backhouse, J. (2001), \u201cCurrent directions in IS security research: towards socio\u2010organizational perspectives\u201d, Information Systems Journal, Vol. 11, pp. 127\u201053.","DOI":"10.1046\/j.1365-2575.2001.00099.x"},{"key":"key2022021120051486800_B10","doi-asserted-by":"crossref","unstructured":"Dinnie, G. (1999), \u201cThe Second Annual Global Information Security Survey\u201d, Information Management & Computer Security, Vol. 7 No. 3, pp. 112\u201020.","DOI":"10.1108\/09685229910693812"},{"key":"key2022021120051486800_B11","unstructured":"Ernst & Young (2001), Information Security Survey, Ernst & Young, London."},{"key":"key2022021120051486800_B12","doi-asserted-by":"crossref","unstructured":"Furnell, S.M. and Warren, M.J. (1999), \u201cComputer hacking and cyber terrorism: the real threats of the new millennium?\u201d, Computers and Security, Vol. 18 No. 1, pp. 28\u201034.","DOI":"10.1016\/S0167-4048(99)80006-6"},{"key":"key2022021120051486800_B13","doi-asserted-by":"crossref","unstructured":"Gerber, M., von Solms, R. and Overbeek, P. (2001), \u201cFormalizing information security requirements\u201d, Information Management & Computer Security, Vol. 9 No. 1, pp. 32\u20107.","DOI":"10.1108\/09685220110366768"},{"key":"key2022021120051486800_B14","doi-asserted-by":"crossref","unstructured":"Higgins, H.N. (1999), \u201cCorporate system security: towards an integrated management approach\u201d, Information Management & Computer Security, Vol. 7 No. 5, pp. 217\u201022.","DOI":"10.1108\/09685229910292817"},{"key":"key2022021120051486800_B15","doi-asserted-by":"crossref","unstructured":"Hone, K. and Eloff, J.H.P. (2002), \u201cInformation security policy \u2013 what do international security standards say?\u201d, Computers & Security, Vol. 21 No. 5, pp. 402\u20109.","DOI":"10.1016\/S0167-4048(02)00504-7"},{"key":"key2022021120051486800_B16","unstructured":"International Standards Organization (ISO) (2000), \u201cInformation technology. Code of practice for information security management \u2013 ISO 17799\u201d, ISO, Geneva."},{"key":"key2022021120051486800_B17","doi-asserted-by":"crossref","unstructured":"Lock, K.D., Carr, H.H. and Warkentin, M.E. (1992), \u201cThreats to information systems \u2013 today\u2019s reality, yesterday\u2019s understanding\u201d, MIS Quarterly, Vol. 16 No. 2, pp. 173\u201086.","DOI":"10.2307\/249574"},{"key":"key2022021120051486800_B18","doi-asserted-by":"crossref","unstructured":"Moule, B. and Giavara, L. (1995), \u201cPolicies, procedures and standards: an approach for implementation\u201d, Information Management & Computer Security, Vol. 3 No. 3, pp. 7\u201016.","DOI":"10.1108\/09685229510092057"},{"key":"key2022021120051486800_B19","doi-asserted-by":"crossref","unstructured":"Post, G. and Kagan, A. (2000), \u201cManagement trade\u2010offs in anti\u2010virus strategies\u201d, Information & Management, Vol. 37 No. 1, pp. 13\u201024.","DOI":"10.1016\/S0378-7206(99)00028-2"},{"key":"key2022021120051486800_B20","doi-asserted-by":"crossref","unstructured":"Prembukar, G. and King, W.R. (1992), \u201cAn empirical assessment of information systems planning and the role of information systems in organisations\u201d, Journal of Management Information Systems, Vol. 19 No. 2, pp. 99\u2010125.","DOI":"10.1080\/07421222.1992.11517960"},{"key":"key2022021120051486800_B21","doi-asserted-by":"crossref","unstructured":"Siponen, M. T. (2000), \u201cA conceptual foundation for organizational information security awareness\u201d, Information Management & Computer Security, Vol. 8 No. 1, pp. 31\u201041.","DOI":"10.1108\/09685220010371394"},{"key":"key2022021120051486800_B22","doi-asserted-by":"crossref","unstructured":"von Solms, R. (1998), \u201cInformation security management (1): why information security is so important\u201d, Information Management & Computer Security, Vol. 6 No. 5, pp. 224\u20105.","DOI":"10.1108\/09685229810240158"}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/09685220310480381","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220310480381\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220310480381\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:08:45Z","timestamp":1753402125000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/11\/3\/106-114\/172150"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2003,8,1]]},"references-count":22,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2003,8,1]]}},"alternative-id":["10.1108\/09685220310480381"],"URL":"https:\/\/doi.org\/10.1108\/09685220310480381","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2003,8,1]]}}}