{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:45:35Z","timestamp":1759092335806,"version":"3.41.2"},"reference-count":17,"publisher":"Emerald","issue":"2","license":[{"start":{"date-parts":[[2006,3,1]],"date-time":"2006-03-01T00:00:00Z","timestamp":1141171200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2006,3,1]]},"abstract":"Purpose<\/jats:title>With the popularity of e\u2010commerce, information security is vital to most organizations. For managers, building and implementing an information security policy (ISP) has long been assumed to be an effective managerial measure to elevate an organization's security level. This paper attempts to investigate the dominant factors for an organization to build an ISP, and whether an ISP may elevate an organization's security level?<\/jats:p><\/jats:sec>Design\/methodology\/approach<\/jats:title>A survey was designed and the data were collected from 165 chief information officers in Taiwan.<\/jats:p><\/jats:sec>Findings<\/jats:title>The empirical results show that some organizational characteristics (business type and MIS\/IS department size) might be good predictors for the ISP adoption and that the functions, contents, implementation and procedures of an ISP may significantly contribute to managers' perceived elevation of information security.<\/jats:p><\/jats:sec>Practical implications<\/jats:title>Building or adopting an ISP is examined empirically to be an effective managerial measure to elevate its security level in Taiwan, and that the building of an information security should focus on the comprehensiveness of its contents, procedures and implementation items, rather than on the documents only.<\/jats:p><\/jats:sec>Originality\/value<\/jats:title>Few empirical studies have been conducted so far to examine the effectiveness of an ISP, thus the value of this paper is high.<\/jats:p><\/jats:sec>","DOI":"10.1108\/09685220610655861","type":"journal-article","created":{"date-parts":[[2006,7,4]],"date-time":"2006-07-04T04:19:45Z","timestamp":1151986785000},"page":"104-115","source":"Crossref","is-referenced-by-count":32,"title":["An empirical study of information security policy on information security elevation in Taiwan"],"prefix":"10.1108","volume":"14","author":[{"given":"Kwo\u2010Shing","family":"Hong","sequence":"first","affiliation":[]},{"given":"Yen\u2010Ping","family":"Chi","sequence":"additional","affiliation":[]},{"given":"Louis R.","family":"Chao","sequence":"additional","affiliation":[]},{"given":"Jih\u2010Hsing","family":"Tang","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2022020620453747200_b1","unstructured":"Blacharski, D. (1998), Network Security in a Mixed Environment, Hungry Minds, Tom Swan, Foster City, CA."},{"key":"key2022020620453747200_b2","unstructured":"Connolly, P.J. (2000), \u201cSecurity starts from within\u201d, Infoworld, July, pp. 39\u201040."},{"key":"key2022020620453747200_b4","doi-asserted-by":"crossref","unstructured":"Dhillon, G. and Backhouse, J. (2001), \u201cCurrent directions in IS security research: towards socio\u2010organizational perspectives\u201d, Information Systems Journal, Vol. 11, pp. 127\u201053.","DOI":"10.1046\/j.1365-2575.2001.00099.x"},{"key":"key2022020620453747200_b5","unstructured":"Flynn, N.L. (2001), The E\u2010Policy Handbook: Designing and Implementing Effective E\u2010mail, Internet and Software Policies, American Management Association, New York, NY."},{"key":"key2022020620453747200_b6","doi-asserted-by":"crossref","unstructured":"Fulford, H. and Doherty, N.F. (2003), \u201cThe application of information security policies in large UK\u2010based organizations: an exploratory investigation\u201d, Information Management & Computer Security, Vol. 11 No. 3, pp. 106\u201014.","DOI":"10.1108\/09685220310480381"},{"key":"key2022020620453747200_b18","unstructured":"Gupta, M., Chaturvedi, A.R., Mehta, S. and Valeri, L. (2000), \u201cThe experimental analysis of information security management issues for online financial services\u201d, Proceedings of the Twenty First International Conference on Information Systems, Brisbane, Australia."},{"key":"key2022020620453747200_b7","doi-asserted-by":"crossref","unstructured":"Hinde, S. (2002), \u201cSecurity survey spring crop\u201d, Computers & Security, Vol. 21 No. 4, pp. 310\u201021.","DOI":"10.1016\/S0167-4048(02)00404-2"},{"key":"key2022020620453747200_b8","doi-asserted-by":"crossref","unstructured":"H\u00f6ne, K. and Eloff, J.H.P. (2002a), \u201cInformation security policy \u2013 what do international information security standards say?\u201d, Computers & Security, Vol. 21 No. 5, pp. 402\u20109.","DOI":"10.1016\/S0167-4048(02)00504-7"},{"key":"key2022020620453747200_b9","doi-asserted-by":"crossref","unstructured":"H\u00f6ne, K. and Eloff, J.H.P. (2002b), \u201cWhat makes an effective information security policy?\u201d, Network Security, Vol. 6, pp. 14\u201016.","DOI":"10.1016\/S1353-4858(02)06011-7"},{"key":"key2022020620453747200_b10","doi-asserted-by":"crossref","unstructured":"Hong, K.S., Chi, Y.P., Chao, L.R. and Tang, J.H. (2003), \u201cAn integrated system theory of information security management\u201d, Information Management & Computer Security, Vol. 11 No. 5, pp. 243\u20108.","DOI":"10.1108\/09685220310500153"},{"key":"key2022020620453747200_b11","unstructured":"ISO\/IEC 17799 (2000), Information Technology Code of Practice for Information Services, ISO, Geneva."},{"key":"key2022020620453747200_b12","doi-asserted-by":"crossref","unstructured":"K\u00fchnhauser, W.E. (1999), \u201cPolicy groups\u201d, Computers & Security, Vol. 18 No. 4, pp. 351\u201063.","DOI":"10.1016\/S0167-4048(99)80081-9"},{"key":"key2022020620453747200_b13","doi-asserted-by":"crossref","unstructured":"Lindup, K.R. (1995), \u201cA new model for information security policies\u201d, Computers & Security, Vol. 14 No. 8, pp. 691\u20105.","DOI":"10.1016\/0167-4048(96)81709-3"},{"key":"key2022020620453747200_b17","doi-asserted-by":"crossref","unstructured":"Loch, K.D., Carr, H.H. and Warkentin, M.E. (1992), \u201cThreats to information systems: today's reality, yesterday's understanding\u201d, MIS Quarterly, Vol. 16 No. 2, pp. 173\u201086.","DOI":"10.2307\/249574"},{"key":"key2022020620453747200_b14","doi-asserted-by":"crossref","unstructured":"Osborne, K. (1998), \u201cAuditing the IT security function\u201d, Computers & Security, Vol. 17 No. 1, pp. 34\u201041.","DOI":"10.1016\/S0167-4048(97)80248-9"},{"key":"key2022020620453747200_b16","doi-asserted-by":"crossref","unstructured":"Ryan, S.D. and Bordoloi, B. (1997), \u201cEvaluating security threats in mainframe and client\/server environments\u201d, Information & Management, Vol. 32 No. 3, pp. 137\u201046.","DOI":"10.1016\/S0378-7206(97)00013-X"},{"key":"key2022020620453747200_b15","doi-asserted-by":"crossref","unstructured":"Ward, P. and Smith, C.L. (2002), \u201cThe development of access control policies for information technology systems\u201d, Computers & Security, Vol. 21 No. 4, pp. 356\u201071.","DOI":"10.1016\/S0167-4048(02)00414-5"}],"container-title":["Information Management & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220610655861\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/09685220610655861\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T00:08:57Z","timestamp":1753402137000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/14\/2\/104-115\/172768"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2006,3,1]]},"references-count":17,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2006,3,1]]}},"alternative-id":["10.1108\/09685220610655861"],"URL":"https:\/\/doi.org\/10.1108\/09685220610655861","relation":{},"ISSN":["0968-5227"],"issn-type":[{"type":"print","value":"0968-5227"}],"subject":[],"published":{"date-parts":[[2006,3,1]]}}}