Research Report: Security Policy (Internet Usage Policy) Analysis
VerifiedAdded on 2020/03/07
|6
|2645
|267
Report
AI Summary
This research report presents a comprehensive literature review on security policies, with a specific emphasis on Internet Usage Policies (IUP) within organizations. The report analyzes the impact of IUP on employee behavior and organizational security, highlighting the significance of compliance and ethical considerations. It explores various theoretical approaches to security policy compliance, drawing from ten peer-reviewed journals to propose a new theory that incorporates the influence of organizational justice on IUP compliance intentions. Key findings include the direct and indirect effects of organizational justice in fostering ethical objections against internet abuses. The report also examines the impact of gender and sector differences on internet usage, cyber security awareness, and the importance of employee training. The conclusion emphasizes the relevance of security policies in protecting organizational information and the crucial role of employee awareness in the successful implementation of these policies. The report offers recommendations for management to prioritize awareness initiatives alongside policy compliance. This document is a valuable resource, and you can find more resources like this on Desklib.
Contribute Materials
Your contribution can guide someone’s learning journey. Share your
documents today.
Assignment 2 Details
3.2. ASST 2 Template
Research Report Template
Security Policy (Internet Usage Policy) - Research Report
Student Name
Student Number
E-mail Address
ABSTRACT
For this new world of technology most confronting security threat for an organization is the
Internet Security risks which generally result from the non-compliance with Internet Usage Policy
(IUP) of the employees of that organization. Many earlier studies made by different authors,
researchers and writers on the security policies had ignored the intrinsic motivation impact on the
compliance intentions of the employees. This report focuses on the theoretical approaches on
the compliance of Security policy in an organization regarding the Internet Usage policy and
considered the behaviour and reaction of the employees on these policies. Total ten peer-
reviewed journals have been chosen from the scholar which were appropriate and relevance to
the topic and based on their theories new theory have been proposed in this paper including all
the objectives which were important and relative to this topic. Based on the findings made by this
literature review, organizational justice influences IUP compliance intention directly and also
indirectly by fostering ethical objections against the abuses that are possible while using internet.
Keywords:
Security policy, Internet Usage Policy, Information Security Policy
3.2. ASST 2 Template
Research Report Template
Security Policy (Internet Usage Policy) - Research Report
Student Name
Student Number
E-mail Address
ABSTRACT
For this new world of technology most confronting security threat for an organization is the
Internet Security risks which generally result from the non-compliance with Internet Usage Policy
(IUP) of the employees of that organization. Many earlier studies made by different authors,
researchers and writers on the security policies had ignored the intrinsic motivation impact on the
compliance intentions of the employees. This report focuses on the theoretical approaches on
the compliance of Security policy in an organization regarding the Internet Usage policy and
considered the behaviour and reaction of the employees on these policies. Total ten peer-
reviewed journals have been chosen from the scholar which were appropriate and relevance to
the topic and based on their theories new theory have been proposed in this paper including all
the objectives which were important and relative to this topic. Based on the findings made by this
literature review, organizational justice influences IUP compliance intention directly and also
indirectly by fostering ethical objections against the abuses that are possible while using internet.
Keywords:
Security policy, Internet Usage Policy, Information Security Policy
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
INTRODUCTION
The main purpose of this report is to present a literature view on the Security policy in a research
manner. This literature throws light on present security policies that are being implemented in the
organization for the employees in Internet Usage Policy. Security policy can be defined as a
policy which means to be secure for an organization, system or any other entity. Security policy
in an organization refers to the constraints on the behavior of the members of the organization
including the constraints that are imposed on adversaries by certain mechanisms (Peltier 2016).
To make this topic clearer, this can be compared with the locks, keys, walls and doors.
METHODOLOGY
Ten scholarly articles were chosen among the articles (2012 – 2017) at Google Scholar. Some of
articles were chosen by searching ‘Internet Usage Policy’ under which some basics were find
about the internet and its usage policy then searched for the ‘awareness for security policy
among internet users. Next objective was to search for ‘Security Policy Compliance’ in which
several articles were popped out with titles information security compliances then some peer-
reviewed journals were selected among them to make this report an evidence-full research
report. Some books were also listed in that list but to make clearer only research papers are
being selected to present this report, which are peer-reviewed by several other writers or authors
or researchers.
LITERATURE REVIEW
Bertot, Jaeger and Hanses (2012) wrote a paper under title “Government Information Quarterly”
in which they discusses about the issues, recommendations and challenges of the impacting
policies on use of Social Media by Government. Main focus in this paper was to analyze different
policies on the using internet by government. First of all a relation was proposed between
government and social media in the implication, benefits, and dis-benefits were explained but
more or less benefits were major concern (Bertot, Jaegar and Hanses 2012). Then it compares
the policies or laws that were implemented on the employee for the use of internet. Various acts
were also explained in the paper to make justification whether the security policies are relevant
or not in this case. There was also a description table proposed by authors in order to relate
policy instrument, policy type and their descriptions which can be considered while concluding
that although, in manner to extend the services of the government different agencies are
increasing social media and other communication means by using internet (Bertot, Jaegar and
Hanses 2012). Further engage members of the public in government efforts, reach individuals,
and offer government information, is a large part of the system. In order to make this happen
there is a need of antiquated policy structure that can establish the parameters for the flows,
access, and dissemination of information.
Luiijf, Besseling and De Graaf (2013) researched on the cyber security strategies (NCSS)
published by a set of nations. Same set of cyber security threats were proposed by each country
but writers found that approaches made and the view of point of each country was different from
others. Paper was based on the analysis of NCSS proposed by 19 countries including Australia
and other developed and developing countries (Shafqat and Masood 2016). Comparisons
between NCSS of all 19 countries have also been proposed in this paper. Based on the NCSS
analysis and comparison writers concluded that many proposed NCSS were not clear in relating
The main purpose of this report is to present a literature view on the Security policy in a research
manner. This literature throws light on present security policies that are being implemented in the
organization for the employees in Internet Usage Policy. Security policy can be defined as a
policy which means to be secure for an organization, system or any other entity. Security policy
in an organization refers to the constraints on the behavior of the members of the organization
including the constraints that are imposed on adversaries by certain mechanisms (Peltier 2016).
To make this topic clearer, this can be compared with the locks, keys, walls and doors.
METHODOLOGY
Ten scholarly articles were chosen among the articles (2012 – 2017) at Google Scholar. Some of
articles were chosen by searching ‘Internet Usage Policy’ under which some basics were find
about the internet and its usage policy then searched for the ‘awareness for security policy
among internet users. Next objective was to search for ‘Security Policy Compliance’ in which
several articles were popped out with titles information security compliances then some peer-
reviewed journals were selected among them to make this report an evidence-full research
report. Some books were also listed in that list but to make clearer only research papers are
being selected to present this report, which are peer-reviewed by several other writers or authors
or researchers.
LITERATURE REVIEW
Bertot, Jaeger and Hanses (2012) wrote a paper under title “Government Information Quarterly”
in which they discusses about the issues, recommendations and challenges of the impacting
policies on use of Social Media by Government. Main focus in this paper was to analyze different
policies on the using internet by government. First of all a relation was proposed between
government and social media in the implication, benefits, and dis-benefits were explained but
more or less benefits were major concern (Bertot, Jaegar and Hanses 2012). Then it compares
the policies or laws that were implemented on the employee for the use of internet. Various acts
were also explained in the paper to make justification whether the security policies are relevant
or not in this case. There was also a description table proposed by authors in order to relate
policy instrument, policy type and their descriptions which can be considered while concluding
that although, in manner to extend the services of the government different agencies are
increasing social media and other communication means by using internet (Bertot, Jaegar and
Hanses 2012). Further engage members of the public in government efforts, reach individuals,
and offer government information, is a large part of the system. In order to make this happen
there is a need of antiquated policy structure that can establish the parameters for the flows,
access, and dissemination of information.
Luiijf, Besseling and De Graaf (2013) researched on the cyber security strategies (NCSS)
published by a set of nations. Same set of cyber security threats were proposed by each country
but writers found that approaches made and the view of point of each country was different from
others. Paper was based on the analysis of NCSS proposed by 19 countries including Australia
and other developed and developing countries (Shafqat and Masood 2016). Comparisons
between NCSS of all 19 countries have also been proposed in this paper. Based on the NCSS
analysis and comparison writers concluded that many proposed NCSS were not clear in relating
NCSS with the pre-existing international and national policies like European Digital Agenda, CIP,
and National Security Policy. Based on the proposals, they also recommended that NCSS should
be explained in detail regarding the topic “International Collaboration” (Luiijf, Besseling and De
Graff 2013). Another article was proposed by Li ET al. (2014) in which writers has shown the
effects of personal ethics and other policies regarding the internet use compliance in the
organization. The paper was started with a research on the security policy compliance
considering the prevalence of using internet in the workplace which was the prior objective of this
paper. Several theoretical hypothesis and foundations were expressed in the paper with
introducing approaches like IUP (Internet Usage Policy) compliance and self-regulatory
approach, IUP compliance and command-and-control approach (Li et al. 25014). This research
paper was full of evidences with various appropriate methodologies which helped in concluding
that considering both intrinsic and extrinsic motivational factors, IUP compliance needs
integrative understanding which writers have no doubt provide to the readers by their successful
research. Akman and Mishra (2015) discussed in their paper about the “Predictive effect of
gender and sector differences on Internet Usage among employees” in which they have
introduced all individuals as the key to use internet not the technology. This paper was based on
several research papers and literatures of various scholar articles and maximum of them were
peer-reviewed which made the paper less doubtful and more evidence proved. Research was
introduced regarding the gender and internet usage among them and final result was drawn by
investigating five hypotheses at significance level of 5% (Akman and Mishra 2015). Based on this
result they had concluded that the “gender” which was a variable for the research had significant
impact on “Internet usage for communication services and for information services” amongst rest
of the empirical variables used in the report.
Abawajy (2014) proposed an article emphasising on the awareness about the cyber security
among the employees of an organization or common people who are using internet for the
communication and information purpose. This paper was based on the issues related to the
security after the implementation of information security programmes in the organizations
providing evidence of phishing attacks and different cyber-attacks which can prey any
organization (Abjay 2014). This paper provided two issues related to the security awareness
programmes which were delivery approaches, effective in raising awareness about information
security programme among the people and the method which is proper to be delivered by
internet users. This paper helps in understanding that in order to empower people about the
security awareness on the internet use training can be powerful measure for them (Abjay 2014).
Video presentation is suggested as the most appropriate for the delivery of training among the
internet users and aware them about the security policies among the employee of an
organization and common people. Today’s best medium for using internet by an individual is
using smartphone or any mobile device and popular software is android (Wang, Xiang and
Fesenmaier 2016). Ongtang et al. (2012) proposed an article regarding the policies that can be
implemented for the security policies for the internet users in android. Basically the focus of this
paper was on the operating system used by internet users in various mobile devices and
comparing them with the android. A saint framework was proposed by authors which addresses
the limitations of Android security install-time permission-granting policies and inter-application
communication policies (Ongtang et al. 2012). They emphases on the need to adopt saint
framework by the real-world is the integration of several more applications and policies which are
required in the systems. Lowry et al. (2015) expressed their intentions about the security policies
for an organization to protect sensitive data about the organization. This report introduced the
and National Security Policy. Based on the proposals, they also recommended that NCSS should
be explained in detail regarding the topic “International Collaboration” (Luiijf, Besseling and De
Graff 2013). Another article was proposed by Li ET al. (2014) in which writers has shown the
effects of personal ethics and other policies regarding the internet use compliance in the
organization. The paper was started with a research on the security policy compliance
considering the prevalence of using internet in the workplace which was the prior objective of this
paper. Several theoretical hypothesis and foundations were expressed in the paper with
introducing approaches like IUP (Internet Usage Policy) compliance and self-regulatory
approach, IUP compliance and command-and-control approach (Li et al. 25014). This research
paper was full of evidences with various appropriate methodologies which helped in concluding
that considering both intrinsic and extrinsic motivational factors, IUP compliance needs
integrative understanding which writers have no doubt provide to the readers by their successful
research. Akman and Mishra (2015) discussed in their paper about the “Predictive effect of
gender and sector differences on Internet Usage among employees” in which they have
introduced all individuals as the key to use internet not the technology. This paper was based on
several research papers and literatures of various scholar articles and maximum of them were
peer-reviewed which made the paper less doubtful and more evidence proved. Research was
introduced regarding the gender and internet usage among them and final result was drawn by
investigating five hypotheses at significance level of 5% (Akman and Mishra 2015). Based on this
result they had concluded that the “gender” which was a variable for the research had significant
impact on “Internet usage for communication services and for information services” amongst rest
of the empirical variables used in the report.
Abawajy (2014) proposed an article emphasising on the awareness about the cyber security
among the employees of an organization or common people who are using internet for the
communication and information purpose. This paper was based on the issues related to the
security after the implementation of information security programmes in the organizations
providing evidence of phishing attacks and different cyber-attacks which can prey any
organization (Abjay 2014). This paper provided two issues related to the security awareness
programmes which were delivery approaches, effective in raising awareness about information
security programme among the people and the method which is proper to be delivered by
internet users. This paper helps in understanding that in order to empower people about the
security awareness on the internet use training can be powerful measure for them (Abjay 2014).
Video presentation is suggested as the most appropriate for the delivery of training among the
internet users and aware them about the security policies among the employee of an
organization and common people. Today’s best medium for using internet by an individual is
using smartphone or any mobile device and popular software is android (Wang, Xiang and
Fesenmaier 2016). Ongtang et al. (2012) proposed an article regarding the policies that can be
implemented for the security policies for the internet users in android. Basically the focus of this
paper was on the operating system used by internet users in various mobile devices and
comparing them with the android. A saint framework was proposed by authors which addresses
the limitations of Android security install-time permission-granting policies and inter-application
communication policies (Ongtang et al. 2012). They emphases on the need to adopt saint
framework by the real-world is the integration of several more applications and policies which are
required in the systems. Lowry et al. (2015) expressed their intentions about the security policies
for an organization to protect sensitive data about the organization. This report introduced the
investments made by the organization to protect their personal information from being breached
or exposed to unauthorized persons. Based on the findings made in this paper writers concluded
that “GDT-based constructs of sanction severity, certainty, and celerity had no significant
influence on reactive CA” (Lowry et al. 2015). Al-Omari, El-Gayar and Deokar (2012) discussed
about the “Security Policy Compliance in a user acceptance perspective”. Writers emphases on
the need of implementing new effective design for the security policies to enhance various
resources by giving highest priority to the guidelines which concerns on the employee
governance and their behaviour control by the creation of information security policies (ISPs)
(Gayar and Deokar 2012). A Security Awareness Model has been proposed in the paper based
on the findings of the literature review done in the paper which underscores the dimension of
internet user in addressing the ISP compliance issues.
Sommestad et al. (2014) made research on the “Variables influencing information security policy
compliance” by presenting systematic review on different studies. There were 29 studies taken in
account for this review in which writers had pointed 60 variables for the compliance and
incompliance of Security policies. Number of theories are misusing the relation of security policy
compliance have been found in this study. Several variables which were stated in those 29
studies have been investigated relating the attitude of people, their intentions and their actual
behaviour (Sommestad et al. 2014). Cerebral and emotional variables were represented as hard
and soft variables in this paper in which writers depicted that “soft variables seem to be more
important than hard variables” (Sommestad et al. 2014). Safa, Von Soms and Furnell 2016 put
light on the “Information Security Compliance model in organizations” considering the information
security knowledge sharing, intervention, collaboration and experience which were being
replaced by the involvement in SBT on the basis of nature and such involvement meaning.
Knowledge sharing about the information security helps in showing the importance of complying
Information Security Policy in an organization whereas, it also increase awareness among the
employees of that organization(Safa, Von Soms and Furnell 2016).
KEY RECOMMENDATIONS
Security policy for the internet use by employees in an organization is an important aspect
towards protecting the personal and important information of that organization. Awareness
towards the policies implemented in the security policy among the employees is also as
important as security policy. Management should focus more on increasing awareness about
these policies than complying policies in the organization.
CONCLUSION
Research is made in the form of literature review on the articles proposed by different writers
about the security policy in an organization and their possible aspects and results on the
organization and on the employees of the organization. Based on the above report it can be
concluded that security policy is completely relevance in the view of protecting information of the
organization. It can also be concluded that awareness among the employees towards the
security policy is an important aspect for the proper functioning and successful implication of
security policies.
or exposed to unauthorized persons. Based on the findings made in this paper writers concluded
that “GDT-based constructs of sanction severity, certainty, and celerity had no significant
influence on reactive CA” (Lowry et al. 2015). Al-Omari, El-Gayar and Deokar (2012) discussed
about the “Security Policy Compliance in a user acceptance perspective”. Writers emphases on
the need of implementing new effective design for the security policies to enhance various
resources by giving highest priority to the guidelines which concerns on the employee
governance and their behaviour control by the creation of information security policies (ISPs)
(Gayar and Deokar 2012). A Security Awareness Model has been proposed in the paper based
on the findings of the literature review done in the paper which underscores the dimension of
internet user in addressing the ISP compliance issues.
Sommestad et al. (2014) made research on the “Variables influencing information security policy
compliance” by presenting systematic review on different studies. There were 29 studies taken in
account for this review in which writers had pointed 60 variables for the compliance and
incompliance of Security policies. Number of theories are misusing the relation of security policy
compliance have been found in this study. Several variables which were stated in those 29
studies have been investigated relating the attitude of people, their intentions and their actual
behaviour (Sommestad et al. 2014). Cerebral and emotional variables were represented as hard
and soft variables in this paper in which writers depicted that “soft variables seem to be more
important than hard variables” (Sommestad et al. 2014). Safa, Von Soms and Furnell 2016 put
light on the “Information Security Compliance model in organizations” considering the information
security knowledge sharing, intervention, collaboration and experience which were being
replaced by the involvement in SBT on the basis of nature and such involvement meaning.
Knowledge sharing about the information security helps in showing the importance of complying
Information Security Policy in an organization whereas, it also increase awareness among the
employees of that organization(Safa, Von Soms and Furnell 2016).
KEY RECOMMENDATIONS
Security policy for the internet use by employees in an organization is an important aspect
towards protecting the personal and important information of that organization. Awareness
towards the policies implemented in the security policy among the employees is also as
important as security policy. Management should focus more on increasing awareness about
these policies than complying policies in the organization.
CONCLUSION
Research is made in the form of literature review on the articles proposed by different writers
about the security policy in an organization and their possible aspects and results on the
organization and on the employees of the organization. Based on the above report it can be
concluded that security policy is completely relevance in the view of protecting information of the
organization. It can also be concluded that awareness among the employees towards the
security policy is an important aspect for the proper functioning and successful implication of
security policies.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
REFERENCES
Abawajy, J., 2014. User preference of cyber security awareness delivery methods. Behaviour &
Information Technology, 33(3), pp.237-248.
Akman, I. and Mishra, A., 2015. Predictive effect of gender and sector differences on internet
usage among employees. Engineering Economics, 21(3).
Al-Omari, A., El-Gayar, O. and Deokar, A., 2012, January. Security policy compliance: User
acceptance perspective. In System Science (HICSS), 2012 45th Hawaii International Conference
on (pp. 3317-3326). IEEE.
Bertot, J.C., Jaeger, P.T. and Hansen, D., 2012. The impact of polices on government social
media usage: Issues, challenges, and recommendations. Government information
quarterly, 29(1), pp.30-40.
Li, H., Sarathy, R., Zhang, J. and Luo, X., 2014. Exploring the effects of organizational justice,
personal ethics and sanction on internet use policy compliance. Information Systems
Journal, 24(6), pp.479-502.
Lowry, P.B., Posey, C., Bennett, R.B.J. and Roberts, T.L., 2015. Leveraging fairness and
reactance theories to deter reactive computer abuse following enhanced organisational
information security policies: An empirical study of the influence of counterfactual reasoning and
organisational trust. Information Systems Journal, 25(3), pp.193-273.
Luiijf, E., Besseling, K. and De Graaf, P., 2013. Nineteen national cyber security
strategies. International Journal of Critical Infrastructures 6, 9(1-2), pp.3-31.
Ongtang, M., McLaughlin, S., Enck, W. and McDaniel, P., 2012. Semantically rich application‐
centric security in Android. Security and Communication Networks, 5(6), pp.658-673.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining
employee awareness using the human aspects of information security questionnaire (HAIS-
Q). Computers & security, 42, pp.165-176.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in
organizations. computers & security, 56, pp.70-82.
Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security
strategies. International Journal of Computer Science and Information Security, 14(1), p.129.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative studies. Information
Management & Computer Security, 22(1), pp.42-75.
Wang, D., Xiang, Z. and Fesenmaier, D.R., 2016. Smartphone use in everyday life and travel.
Journal of Travel Research, 55(1), pp.52-63.
Abawajy, J., 2014. User preference of cyber security awareness delivery methods. Behaviour &
Information Technology, 33(3), pp.237-248.
Akman, I. and Mishra, A., 2015. Predictive effect of gender and sector differences on internet
usage among employees. Engineering Economics, 21(3).
Al-Omari, A., El-Gayar, O. and Deokar, A., 2012, January. Security policy compliance: User
acceptance perspective. In System Science (HICSS), 2012 45th Hawaii International Conference
on (pp. 3317-3326). IEEE.
Bertot, J.C., Jaeger, P.T. and Hansen, D., 2012. The impact of polices on government social
media usage: Issues, challenges, and recommendations. Government information
quarterly, 29(1), pp.30-40.
Li, H., Sarathy, R., Zhang, J. and Luo, X., 2014. Exploring the effects of organizational justice,
personal ethics and sanction on internet use policy compliance. Information Systems
Journal, 24(6), pp.479-502.
Lowry, P.B., Posey, C., Bennett, R.B.J. and Roberts, T.L., 2015. Leveraging fairness and
reactance theories to deter reactive computer abuse following enhanced organisational
information security policies: An empirical study of the influence of counterfactual reasoning and
organisational trust. Information Systems Journal, 25(3), pp.193-273.
Luiijf, E., Besseling, K. and De Graaf, P., 2013. Nineteen national cyber security
strategies. International Journal of Critical Infrastructures 6, 9(1-2), pp.3-31.
Ongtang, M., McLaughlin, S., Enck, W. and McDaniel, P., 2012. Semantically rich application‐
centric security in Android. Security and Communication Networks, 5(6), pp.658-673.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M. and Jerram, C., 2014. Determining
employee awareness using the human aspects of information security questionnaire (HAIS-
Q). Computers & security, 42, pp.165-176.
Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for
effective information security management. CRC Press.
Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in
organizations. computers & security, 56, pp.70-82.
Shafqat, N. and Masood, A., 2016. Comparative analysis of various national cyber security
strategies. International Journal of Computer Science and Information Security, 14(1), p.129.
Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing
information security policy compliance: a systematic review of quantitative studies. Information
Management & Computer Security, 22(1), pp.42-75.
Wang, D., Xiang, Z. and Fesenmaier, D.R., 2016. Smartphone use in everyday life and travel.
Journal of Travel Research, 55(1), pp.52-63.
1 out of 6
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
© 2024 | Zucol Services PVT LTD | All rights reserved.