The acceptable state: An analysis of the current state of acceptable use policies in academic institutions

Jake Weidman, Jens Grossklags

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

The Acceptable Use Policy has been a mainstay of organizational security for decades. These foundational policies were originally designed to detail sets of rules and requirements for users on an organizational network to follow while using a given network's resources, and often contained a series of restrictions dictating what users were not permitted to do. As organizational security models have progressed, newer policies, standards, and guidelines have been progressively introduced, and often contain similar, more specific requirements that users must follow when using an organizational network. Based on these developments, we ask the following: In the increasingly complex organizational security landscape, are Acceptable Use Policies still relevant? In this study, we conduct a study utilizing 176 Acceptable Use Policies currently deployed at universities in the United States. Using a number of methods including a detailed coding of each policy, we present a summary on the current state of Acceptable Use Policies, as well as the university environment they exist in. We find that while Acceptable Use Policies are not relevant from a technical standpoint, they serve as a legal foundation to a university's security efforts, and as such could be improved upon in the modern organizational landscape.

Original languageEnglish
Title of host publication27th European Conference on Information Systems - Information Systems for a Sharing Society, ECIS 2019
EditorsJan vom Brocke, Shirley Gregor, Oliver Muller
PublisherAssociation for Information Systems
ISBN (Electronic)9781733632508
StatePublished - 2020
Event27th European Conference on Information Systems: Information Systems for a Sharing Society, ECIS 2019 - Stockholm and Uppsala, Sweden
Duration: 8 Jun 201914 Jun 2019

Publication series

Name27th European Conference on Information Systems - Information Systems for a Sharing Society, ECIS 2019

Conference

Conference27th European Conference on Information Systems: Information Systems for a Sharing Society, ECIS 2019
Country/TerritorySweden
CityStockholm and Uppsala
Period8/06/1914/06/19

Keywords

  • Acceptable Use Policy
  • Information Systems
  • Policy Analysis
  • Policy Management

Fingerprint

Dive into the research topics of 'The acceptable state: An analysis of the current state of acceptable use policies in academic institutions'. Together they form a unique fingerprint.

Cite this