Abstract: Policies are high-level statements that are equal to organizational law and drive the decision-making process within the organization. Information security policy is not easy to develop unless organizations clearly identify the necessary steps required in the development process of an information security policy, particularly in institutions of higher education that largely utilize IT. An inappropriate development process or replication of security policy content from other organizations could fail in execution. The execution of a duplicated policy could fail to act in accordance with enforceable rules and regulations even though it is well developed. Hence, organizations need to develop appropriate policies in compliance with the organization regulatory requirements. This paper aims to reviews policies from selected universities with regards to ISO 27001:2013 minimum requirements as well as effective online presentation. The online presentation review covers the elements of aesthetics, navigation and content presentation. The information on the security policy document resides on the universities’ website.

Arash Ghazvini, Zarina Shukur and Zaihosnita Hood. “Review of Information Security Policy based on Content Coverage and Online Presentation in Higher Education”. International Journal of Advanced Computer Science and Applications (IJACSA) 9.8 (2018). http://dx.doi.org/10.14569/IJACSA.2018.090853

@article{Ghazvini2018,
title = {Review of Information Security Policy based on Content Coverage and Online Presentation in Higher Education},
journal = {International Journal of Advanced Computer Science and Applications},
doi = {10.14569/IJACSA.2018.090853},
url = {http://dx.doi.org/10.14569/IJACSA.2018.090853},
year = {2018},
publisher = {The Science and Information Organization},
volume = {9},
number = {8},
author = {Arash Ghazvini and Zarina Shukur and Zaihosnita Hood}
}