Creating an information security policyin a bank: Linguistic aspects

T. Kamou, Olivier Mozard

doi:10.1075/etc.22001.tio

Article published In:

English Text Construction
Vol. 16:1 (2023) ► pp.59–81

Creating an information security policy in a bank

Linguistic aspects

Olivier Mozard T. Kamou | HSE University, Nizhny Novgorod

Information security policies are particularly important when it comes to maintaining information security within an organization. As a result, creating an information security policy is an invaluable process that cannot be undermined. This study aims at investigating how these information security policies are created, specifically in banks, from a linguistic perspective. The study employed the use of corpora and analyzed ten information security policies of banks randomly collected online. The analyses were categorized under five levels of linguistic analysis which included: the mode, lexis, grammar, speech acts, and discourse. Some statistical analyses which involved clustering were also performed at the level of discourse in order to find similar patterns in the information security policies. The results show that banks use the same linguistic features when writing their information security policies. The results also reveal how these linguistic features are used to develop a comprehensive and effective information security policy.

Keywords: information, information security policy, corpus, corpus linguistics, corpus-driven

Article outline

1.Introduction
2.Literature review
- 2.1Security threats and information security policies
- 2.2The creation of an information security policy
  - 2.2.1The content
  - 2.2.2The language
3.Methodology
- 3.1A corpus approach
- 3.2Corpus compilation and annotation
- 3.3Corpus analysis
4.Findings
- 4.1The mode
- 4.2Lexis
- 4.3Grammar
- 4.4Speech act
  - Commissives
  - Representatives
  - Directives
- 4.5Discourse
5.Discussion
6.Conclusion
Acknowledgments
References

Published online: 17 November 2023

https://doi.org/10.1075/etc.22001.tio

References (26)

References

Alqahtani, F. Hussain. 2017. Developing an information security policy: a case study approach. Procedia Computer Science 1241. 69–697.

Alshaikh, Moneer, Sean B. Maynard, Atef Ahmad & Shanton Chang. (2016). Information Security Policy: A Management Practice Perspective. Paper presented at the 26th Australasian Conference on Information Systems Adelaide, South Australia.

Anthony, Laurence. 2019. Antconc (Version 3.5.8) [Computer Software]. Tokyo, Japan: Waseda University. [URL]

Biber, Douglas, Susan Conrad & Randi Reppen. 1998. Corpus linguistics: investigating language structure and use. Cambridge: Cambridge University Press.

Butler, Christopher. 2004. Corpus studies and functional linguistic theories. Functions of Language 891. 147–186.

Cassetto, O. 2019. The eight elements of an information security policy. Retrieved from: [URL]

Flowerday, V. Stephen & Tite Tuyikeze. 2016. Information security policy development and implementation: The what, how and who. Computers & Security 611. 169–183

Fruhlinger, Josh. 2017. What is Information Security? Definition, Principles, and Jobs. Retrieved from: [URL]. (Accessed October 2020).

Goel, Sanjay & Chengalur-Smith N. Indushobha. 2010. Metrics for characterizing the form of security policies. Journal of Strategic Information System 19 (4): 281–295.

Gries, Th. Stefan. 2009. Useful statistics for corpus linguistics. Retrieved from [URL] (Accessed March 2021).

Hardie, Andrew & Tony McEnery. 2010. On two traditions in corpus linguistics, and what they have in common. International Journal of Corpus Linguistics 151. 384–394.

Höne, Karin & Jan Eloff. 2002b. What makes an effective information security policy? Network Security 2 (6): 14–16.

Ibarra, R. Peter & John I. Kitsuse. 1993. Vernacular constituents of moral discourse: An Interactionist proposal for the study of social problems. In Gale Miller & James A. Holstein (eds.), Constructionalist Controversies: Issues in Social Problems Theory, 21–54. New York: Aldine de Gruyter.

Johnston, C. Allen & Merrill Warkentin. 2010. Fear appeals and information security behaviors: an empirical study. MIS Quarterly 341. 549–566.

Kamariza, Yvette. 2017. Implementation of information security policies in public organizations: top management as a Success Factor. Master’s Thesis, Jonkoping University.

Leech, Geoffrey. 2004. Adding linguistic annotation. In Developing Linguistic Corpora: a guide to good practice, M. Wynne (ed.). Oxford: Oxbow books, 17–29.

Miller, Andrew. 2007. Writing effective information security policies. Retrieved from: [URL] (Accessed October 2020).

Neuenschwander, Sara. 2006. The social construction of claims-making: Bahamian anglers vs. non-resident sports-fishermen. Master’s Thesis, University of Central Florida.

Noli, B. Lucila. 2016. Information security policy development: a literature review. International Journal of Innovative Research in Information Security, 31.

Paapanen, Hanna, Michael Lapke & Mikko Siponen. 2020. State of the art in information security policy development. Computers and Security 881.

Peltier, R. Thomas, Justin Peltier. & John A. Blackley. 2003. Information Security Fundamentals. Boca Ranton, Fla: Auerbach Publications.

Plappert, G. Lee. 2012. Phraseology and epistemology in scientific writing: a corpus-driven approach. PhD Thesis, University of Birmingham.

Rhodes-Ousley, Mark. 2013. Information Security: The Complete Reference, Second Edition. US: McGraw-Hill Osborne Media.

Rostami, Elham, Fredrik Karlsson & Shang Gao. 2020. Requirements for computerized tools to design information security policies. Computer and Security 991.

Searle, R. John. 1969. Speech acts: An essay in the philosophy of language. Cambridge: Cambridge University Press.

Tongini-Bonelli, Elena. 2001. Corpus Linguistics at Work. John Benjamins Publishing Co.