Cover not available
Article published In:
English Text Construction
Vol. 16:1 (2023) ► pp.5981

Creating an information security policy in a bank

Linguistic aspects

ORCID logo | HSE University, Nizhny Novgorod

Information security policies are particularly important when it comes to maintaining information security within an organization. As a result, creating an information security policy is an invaluable process that cannot be undermined. This study aims at investigating how these information security policies are created, specifically in banks, from a linguistic perspective. The study employed the use of corpora and analyzed ten information security policies of banks randomly collected online. The analyses were categorized under five levels of linguistic analysis which included: the mode, lexis, grammar, speech acts, and discourse. Some statistical analyses which involved clustering were also performed at the level of discourse in order to find similar patterns in the information security policies. The results show that banks use the same linguistic features when writing their information security policies. The results also reveal how these linguistic features are used to develop a comprehensive and effective information security policy.

Keywords: information, information security policy, corpus, corpus linguistics, corpus-driven
Article outline
  • 1.Introduction
  • 2.Literature review
    • 2.1Security threats and information security policies
    • 2.2The creation of an information security policy
      • 2.2.1The content
      • 2.2.2The language
  • 3.Methodology
    • 3.1A corpus approach
    • 3.2Corpus compilation and annotation
    • 3.3Corpus analysis
  • 4.Findings
    • 4.1The mode
    • 4.2Lexis
    • 4.3Grammar
    • 4.4Speech act
      • Commissives
      • Representatives
      • Directives
    • 4.5Discourse
  • 5.Discussion
  • 6.Conclusion
  • Acknowledgments
  • References
Published online: 17 November 2023
DOI logo
https://doi.org/10.1075/etc.22001.tio
References
Alqahtani, F. Hussain
2017Developing an information security policy: a case study approach. Procedia Computer Science 1241. 69–697. DOI logoGoogle Scholar
Alshaikh, Moneer, Sean B. Maynard, Atef Ahmad & Shanton Chang
(2016) Information Security Policy: A Management Practice Perspective. Paper presented at the 26th Australasian Conference on Information Systems Adelaide, South Australia.
Anthony, Laurence
2019Antconc (Version 3.5.8) [Computer Software]. Tokyo, Japan: Waseda University. [URL]
Biber, Douglas, Susan Conrad & Randi Reppen
1998Corpus linguistics: investigating language structure and use. Cambridge: Cambridge University Press. DOI logoGoogle Scholar
Butler, Christopher
2004Corpus studies and functional linguistic theories. Functions of Language 891. 147–186. DOI logoGoogle Scholar
Cassetto, O.
2019The eight elements of an information security policy. Retrieved from: [URL]
Flowerday, V. Stephen & Tite Tuyikeze
2016Information security policy development and implementation: The what, how and who. Computers & Security 611. 169–183 DOI logoGoogle Scholar
Fruhlinger, Josh
2017What is Information Security? Definition, Principles, and Jobs. Retrieved from: [URL]. (Accessed October 2020).
Goel, Sanjay & Chengalur-Smith N. Indushobha
2010Metrics for characterizing the form of security policies. Journal of Strategic Information System 19 (4): 281–295. DOI logoGoogle Scholar
Gries, Th. Stefan
2009Useful statistics for corpus linguistics. Retrieved from [URL] (Accessed March 2021).
Hardie, Andrew & Tony McEnery
2010On two traditions in corpus linguistics, and what they have in common. International Journal of Corpus Linguistics 151. 384–394. DOI logoGoogle Scholar
Höne, Karin & Jan Eloff
2002bWhat makes an effective information security policy? Network Security 2 (6): 14–16. DOI logoGoogle Scholar
Ibarra, R. Peter & John I. Kitsuse
1993Vernacular constituents of moral discourse: An Interactionist proposal for the study of social problems. In Gale Miller & James A. Holstein (eds.), Constructionalist Controversies: Issues in Social Problems Theory, 21–54. New York: Aldine de Gruyter.Google Scholar
Johnston, C. Allen & Merrill Warkentin
2010Fear appeals and information security behaviors: an empirical study. MIS Quarterly 341. 549–566. DOI logoGoogle Scholar
Kamariza, Yvette
2017Implementation of information security policies in public organizations: top management as a Success Factor. Master’s Thesis, Jonkoping University.
Leech, Geoffrey
2004Adding linguistic annotation. In Developing Linguistic Corpora: a guide to good practice, M. Wynne (ed.). Oxford: Oxbow books, 17–29.Google Scholar
Miller, Andrew
2007Writing effective information security policies. Retrieved from: [URL] (Accessed October 2020).
Neuenschwander, Sara
2006The social construction of claims-making: Bahamian anglers vs. non-resident sports-fishermen. Master’s Thesis, University of Central Florida.
Noli, B. Lucila
2016Information security policy development: a literature review. International Journal of Innovative Research in Information Security, 31.Google Scholar
Paapanen, Hanna, Michael Lapke & Mikko Siponen
2020State of the art in information security policy development. Computers and Security 881. DOI logoGoogle Scholar
Peltier, R. Thomas, Justin Peltier. & John A. Blackley
2003Information Security Fundamentals. Boca Ranton, Fla: Auerbach Publications.Google Scholar
Plappert, G. Lee
2012Phraseology and epistemology in scientific writing: a corpus-driven approach. PhD Thesis, University of Birmingham.
Rhodes-Ousley, Mark
2013Information Security: The Complete Reference, Second Edition. US: McGraw-Hill Osborne Media.Google Scholar
Rostami, Elham, Fredrik Karlsson & Shang Gao
2020Requirements for computerized tools to design information security policies. Computer and Security 991. DOI logoGoogle Scholar
Searle, R. John
1969Speech acts: An essay in the philosophy of language. Cambridge: Cambridge University Press. DOI logoGoogle Scholar
Tongini-Bonelli, Elena
2001Corpus Linguistics at Work. John Benjamins Publishing Co. DOI logoGoogle Scholar