SIG SEC - Information Security and Privacy
Paper Type
ERF
Paper Number
1156
Description
Employee non-compliance with information security policies will result in vulnerabilities for organizations. These vulnerabilities are commonly addressed through awareness messaging within a security education, training, and awareness (SETA) program. Unfortunately, even companies with successful SETA programs continue to suffer from employee non-compliance. This study proposes that organizations should focus on improving awareness messaging to improve employee awareness and reduce the vulnerabilities related to non-compliance. This proposal relies on the application of the situational theory of publics (STP), a theory from the field of public relations which explains that employees may be grouped based on their level of recognition of an issue, their level of involvement with the issue, and their perceptions of barriers preventing them from addressing or responding to the issue. Security awareness messages can then be developed specifically to target employees based on their group membership, leading to improved awareness, increased compliance, and reduced vulnerabilities.
Recommended Citation
Mutchler, Leigh A. and Connolly, Amy J., "How to Increase InfoSec Compliance by Matching the Messaging to the Right Users?" (2022). AMCIS 2022 Proceedings. 10.
https://aisel.aisnet.org/amcis2022/sig_sec/sig_sec/10
Comments
SIG SEC