Digital information security management policy in academic libraries: A systematic review (2010–2022)

Abstract

Digital information security management (DISM) is considered an important tool to ensure the privacy and protection of data and resources in an electronic environment. The purpose of this research is to look into the applications of DISM policies in terms of practices and implementation in academic libraries. It also identifies the challenges faced by academic libraries in applying these DISM practices regarding policy. A systematic literature review was conducted to achieve the objectives of the study. The data were collected from well-known different databases, that is, Library Information Science and Technology Abstracts (LISTA), Library and Information Science Abstracts (LISA), IEEE Xplore, Emerald Insight, ACM Digital Library, Scopus, Sage journals, Taylor & Francis, ProQuest, Science Direct, Wiley Online Library, and Google Scholar. It followed the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) guidelines to choose relevant articles with keyword searching. Some academic libraries have developed DISM policies on data protection, data backup, information security (IS) systems, the development of hardware and software, the training of library staff, data protection from malware and social engineering, and data security and privacy. A few libraries have developed a mechanism to protect and secure users’ sensitive data from hackers, viruses, malware and social engineering. Findings indicated that both organisations and users trust libraries due to their strict privacy and data security policies. However, some academic libraries did not adopt and implement DISM policies in their organisations, even though they had written DISM policies. Libraries have been facing issues with the DISM policy on data security and privacy, data backup, IS systems, hardware and software upgrades and technical support of library staff. They also face budgetary challenges and a lack of readiness among librarians to adopt emerging tools and technology such as DISM. Library professionals faced challenges in developing and implementing the DISM policy. For data security and privacy, stakeholders, administrators and library professionals must promote the DISM policy culture in academics. This study is beneficial for library professionals, policymakers, administrators and management to make DISM policies and implement them in their organisation or libraries to secure sensitive, personal data and resources. This article is the first review of DISM policy in academic libraries of its kind and would be useful for information professionals, stakeholders and administrators.