Abstract
Security, privacy, Bring Your Own Device (BYOD), and other information technology usage policies are an essential component of a cybersecurity plan and its implementation within organizations. In this thesis, we present the method and results of a web-based content analysis describing the public availability of such policies for a randomly selected set of 52 U.S. educational institutions. Method: A set of Google searches was performed within each institution’s main website, in 2016, using a set of security policy terms. Results: 90.4% Privacy Policy, 34.6% Information Security Policy, 42.3% Security Policy, 1.9% BYOD Policy, 82.7% Acceptable Use Policy, 28.8% Authentication and Password Policy, 19.2% Data Classification Policy, 11.9% Incident Response Policy, 2% Mobile Device Policy, 71.7% Network and VPN, 29.2% Cloud Services Policy, 3.8% Physical Security Policy, 82.7% Data Retention Policy, 30.8% Contractor Connection Policy, 96.2% Wireless Access Policy, 80.7% A Policy Change Log.