Journal of Information Systems Education


Information Security issues are one of the top concerns of CEOs. Accordingly, information systems education and research have addressed security issues. One of the main areas of research is the behavioral issues in Information Security, primarily focusing on users’ compliance to information security policies. We contribute to this literature by arguing that proper implementation of security policies requires effective training. Specifically, we argue that adherence to security policies could be improved by using training strategies where written policies are ‘shown’. To test our assertion, we use a scenario that users often face when browsing – installation of java applets. Based on previous literature, we identified key antecedents of compliance and tested their effectiveness in an experimental setting. One group of users received guidance from a written policy, whereas the other group was ‘shown’ the meaning of the written policy in the form of a video. Our contribution is simple yet powerful – effective information security training can be accomplished when users are shown the reasons behind the written policies. In other words, in addition to written policies, it is beneficial to actually ‘show’ what the policies accomplish.



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.