Readability as a basis for information security policy assessment

Alkhurayyif, Yazeed and Weir, George R S; (2017) Readability as a basis for information security policy assessment. In: Seventh IEEE International Conference on Emerging Security Technologies (EST). IEEE, Piscataway, NJ. ISBN 9781538640180 (https://doi.org/10.1109/EST.2017.8090409)

Preview

Text. Filename: Alkhurayyif_Weir_EST2017_Readability_as_a_basis_for_information_security_policy_assessment.pdf Accepted Author Manuscript Download (352kB)| Preview

Abstract

Most organisations now impose information security policies (ISPs) or 'conditions of use' agreements upon their employees. The need to ensure that employees are informed and aware of their obligations toward information security is apparent. Less apparent is the correlation between the provision of such policies and their compliance. In this paper, we report our research into the factors that determine the efficacy of information security policies (ISPs). Policies should comprise rules or principles that users can easily understand and follow. Presently, there is no ready mechanism for estimating the likely efficacy of such policies across an organisation. One factor that has a plausible impact upon the comprehensibility of policies is their readability. The present study investigates the effectiveness of applying readability metrics as an indicator of policy comprehensibility. Results from a preliminary study reveal variations in the comprehension test results attributable to the difficulty of the examined policies. The pilot study shows some correlation between the software readability formula results and human comprehension test results and supports our view that readability has an impact upon understanding ISPs. These findings have important implications for users’ compliance with information security policies and suggest that the application of suitably selected readability metrics may allow policy designers to evaluate their draft policies for ease of comprehension prior to policy release. Indeed, there may be grounds for a readability compliance test that future ISPs must satisfy.

ORCID iDs

Alkhurayyif, Yazeed ORCID: https://orcid.org/0000-0002-2312-2807

Weir, George R S ORCID: https://orcid.org/0000-0002-6264-4480

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Item metadata

  Item type:	Book Section
  ID code:	62863
  Dates:	Date Event 2 November 2017 Published 11 July 2017 Accepted
  Notes:	© 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
  Subjects:	Technology > Electrical engineering. Electronics Nuclear engineering
  Department:	Faculty of Science > Computer and Information Sciences
  Depositing user:	Pure Administrator
  Date deposited:	15 Jan 2018 14:47
  Last modified:	21 Nov 2024 01:28
  Related URLs:	Event
  URI:	https://strathprints.strath.ac.uk/id/eprint/62863