Wang, Q.-H., Miller, S. M., & Deng, R. H. (2020). Driving cybersecurity policy insights from information on the internet. IEEE Security & Privacy Magazine, 18(6), 42–50. https://doi.org/10.1109/MSEC.2020.3000765 Cybersecurity policy analytics quantitatively evaluates the effectiveness of cybersecurity protection measures consisting of both technical and managerial countermeasures and is inherently interdisciplinary work, drawing on the concepts and methods from economics, business, social science, and law.
Mishra, A., Alzoubi, Y. I., Gill, A. Q., & Anwar, M. J. (2022). Cybersecurity enterprises policies: a comparative study. Sensors (14248220), 22(2), 538–N.PAG. https://doi.org/10.3390/s22020538. This journal article details a study that identified 10 common cybersecurity policy aspects in five enterprises: healthcare, finance, education, aviation, and e-commerce. The findings of this study reveal that the importance of cybersecurity requirements differs across multiple organizations.
Cram, W. A., Proudfoot, J. G., & D’Arcy, J. (2020). Maximizing employee compliance with cybersecurity policies. MIS Quarterly Executive, 19(3), 183–198. https://doi.org/10.17705/2msqe.00032 This article identifies which practices for promoting compliance are effective and ineffective and provides actionable recommendations for maximizing employee compliance.
Andronache, A. (2021). Increasing security awareness through lenses of cybersecurity culture. Journal of Information Systems & Operations Management, 15(1), 7. In this journal article, the author describes research study results and determines that attaining organizational resilience differs on how employees perceive formal (awareness and cybersecurity policy) and informal rules (i.e., culture). The importance of factoring in the human element into cybersecurity policy and security culture development is emphasized.
Solansky, S. T., & Beck, T. (2021). Interorganizational information sharing: Collaboration during cybersecurity threats. Public Administration Quarterly, 45(1), 105–122. https://doi.org/10.37808/paq.45.1.5 In this journal article, information sharing is examined to determine if the willingness to share information relates to the willingness to collaborate in interorganizational actions used to address cybersecurity threats. Implications for policy formation are discussed.