SIG SEC - Information Security and Privacy


Paper Type

ERF

Paper Number

1156

Description

Employee non-compliance with information security policies will result in vulnerabilities for organizations. These vulnerabilities are commonly addressed through awareness messaging within a security education, training, and awareness (SETA) program. Unfortunately, even companies with successful SETA programs continue to suffer from employee non-compliance. This study proposes that organizations should focus on improving awareness messaging to improve employee awareness and reduce the vulnerabilities related to non-compliance. This proposal relies on the application of the situational theory of publics (STP), a theory from the field of public relations, which explains that employees may be grouped based on their level of recognition of an issue, their level of involvement with the issue, and their perceptions of barriers preventing them from addressing or responding to the issue. Security awareness messages can then be developed specifically to target employees based on their group membership, leading to improved awareness, increased compliance, and reduced vulnerabilities.

Comments

SIG SEC

Aug 10th, 12:00 AM

How to Increase InfoSec Compliance by Matching the Messaging to the Right Users?
