Cyber-security, Privacy and Ethics of IS
Loading...
Paper Number
1407
Paper Type
short
Description
Recent studies raise the concern that the regular communication of security guidelines and policies and their updates is not always the best option for organizations to protect information system's security. Users show symptoms of being frustrated or overwhelmed by security guidelines and consequently either ignore policies or actively pursue workarounds. Our aim is first, to understand the affective states of employees being confronted with security-related guidelines and the reasons for negative emotions. Second, we develop a communication strategy for security policies that avoids negative affective states and reduces the chance of security policies being ignored or worked around to foster compliance. In this paper, we introduce a framework by connecting the theories of security fatigue, psychological reactance, and the elaboration likelihood model. Our framework moreover considers different strategies to communicate security guidelines or policies. Finally, we draft an experimental setup to empirically evaluate our research model.
Recommended Citation
Olt, Christian M. and große Deters, Fenne, "On Security Guidelines and Policy Compliance: Considering Users’ Need for Autonomy" (2021). ICIS 2021 Proceedings. 2.
https://aisel.aisnet.org/icis2021/cyber_security/cyber_security/2
On Security Guidelines and Policy Compliance: Considering Users’ Need for Autonomy
Recent studies raise the concern that the regular communication of security guidelines and policies and their updates is not always the best option for organizations to protect information system's security. Users show symptoms of being frustrated or overwhelmed by security guidelines and consequently either ignore policies or actively pursue workarounds. Our aim is first, to understand the affective states of employees being confronted with security-related guidelines and the reasons for negative emotions. Second, we develop a communication strategy for security policies that avoids negative affective states and reduces the chance of security policies being ignored or worked around to foster compliance. In this paper, we introduce a framework by connecting the theories of security fatigue, psychological reactance, and the elaboration likelihood model. Our framework moreover considers different strategies to communicate security guidelines or policies. Finally, we draft an experimental setup to empirically evaluate our research model.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
07-Security