• Login
    View Item 
    •   SMARTech Home
    • Georgia Tech Theses and Dissertations
    • Georgia Tech Theses and Dissertations
    • View Item
    •   SMARTech Home
    • Georgia Tech Theses and Dissertations
    • Georgia Tech Theses and Dissertations
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Explaining policy differences as a function of diverse governance institutions

    Thumbnail
    View/Open
    FLOWERS-DISSERTATION-2016.pdf (5.382Mb)
    Date
    2016-04-08
    Author
    Flowers, Jim David
    Metadata
    Show full item record
    Abstract
    This study asks the question: “How does the structure of cybersecurity policy relate to differences in structure of policy governance of universities and colleges?” The study has three objectives. First, the study seeks to add to the body of knowledge concerning the relationship between the structure of cybersecurity policy processes and the security policies developed by those processes. Second, the study seeks to demonstrate the usefulness of the Institutional Grammar Tool, Rules Configurations, and other methods employed to analyze institutional configurations. Third, the study seeks to provide pragmatic suggestions for cybersecurity practitioners to systematically identify deficiencies in policy structure that contribute to less than optimum outcomes. Research on this question is necessary as no integrative framework exists for describing or predicting how organizations adopt and implement cyber security policy. The study proposes such a framework by integrating an ideal model for cyber security governance with the principles of the Institutional Analysis and Design framework (IAD). Four research universities of the University System of Georgia are subjected to a cross-case comparison of information security policies. Interviews and policy documents provide a database of institutional statements that are analyzed using IAD methods and tools. Prior research suggests that elements of policy structure, such as how the policy fits the organization’s objectives and culture, are linked to policy effectiveness. Research also suggests that how those elements of policy structure reflect external threats and organizational factors are determined by how the cybersecurity policy development is integrated into the governance of university wide policy. In addition to demonstrating the utility of an integrated approach to studying the problem of creating effective policy, findings demonstrate how a well-integrated cybersecurity governance structure provides better fit, constructs policies of appropriate scope, and is more likely to include the components of governance necessary for policy effectiveness. Findings also suggest that policy form, the readability of policy, may be improved if the documents are analyzed using the institutional grammar tools suggested by the IAD and if collaboration with users and managers to construct policy is encouraged. The capability of the methods employed by the study to identify deficiencies in cyber security governance structure that are manifested in less effective policy outcomes may aid policy makers as they strive to develop policy solutions to an ever changing security threat
    URI
    http://hdl.handle.net/1853/54971
    Collections
    • Georgia Tech Theses and Dissertations [23403]
    • School of Public Policy Theses and Dissertations [251]

    Browse

    All of SMARTechCommunities & CollectionsDatesAuthorsTitlesSubjectsTypesThis CollectionDatesAuthorsTitlesSubjectsTypes

    My SMARTech

    Login

    Statistics

    View Usage StatisticsView Google Analytics Statistics
    facebook instagram twitter youtube
    • My Account
    • Contact us
    • Directory
    • Campus Map
    • Support/Give
    • Library Accessibility
      • About SMARTech
      • SMARTech Terms of Use
    Georgia Tech Library266 4th Street NW, Atlanta, GA 30332
    404.894.4500
    • Emergency Information
    • Legal and Privacy Information
    • Human Trafficking Notice
    • Accessibility
    • Accountability
    • Accreditation
    • Employment
    © 2020 Georgia Institute of Technology