Readability as a basis for information security policy assessment
Alkhurayyif, Yazeed and Weir, George R S; (2017) Readability as a basis for information security policy assessment. In: Seventh IEEE International Conference on Emerging Security Technologies (EST). IEEE, Piscataway, NJ. ISBN 9781538640180 (https://doi.org/10.1109/EST.2017.8090409)
Preview |
Text.
Filename: Alkhurayyif_Weir_EST2017_Readability_as_a_basis_for_information_security_policy_assessment.pdf
Accepted Author Manuscript Download (352kB)| Preview |
Abstract
Most organisations now impose information security policies (ISPs) or 'conditions of use' agreements upon their employees. The need to ensure that employees are informed and aware of their obligations toward information security is apparent. Less apparent is the correlation between the provision of such policies and their compliance. In this paper, we report our research into the factors that determine the efficacy of information security policies (ISPs). Policies should comprise rules or principles that users can easily understand and follow. Presently, there is no ready mechanism for estimating the likely efficacy of such policies across an organisation. One factor that has a plausible impact upon the comprehensibility of policies is their readability. The present study investigates the effectiveness of applying readability metrics as an indicator of policy comprehensibility. Results from a preliminary study reveal variations in the comprehension test results attributable to the difficulty of the examined policies. The pilot study shows some correlation between the software readability formula results and human comprehension test results and supports our view that readability has an impact upon understanding ISPs. These findings have important implications for users’ compliance with information security policies and suggest that the application of suitably selected readability metrics may allow policy designers to evaluate their draft policies for ease of comprehension prior to policy release. Indeed, there may be grounds for a readability compliance test that future ISPs must satisfy.
ORCID iDs
Alkhurayyif, Yazeed ORCID: https://orcid.org/0000-0002-2312-2807 and Weir, George R S ORCID: https://orcid.org/0000-0002-6264-4480;-
-
Item type: Book Section ID code: 62863 Dates: DateEvent2 November 2017Published11 July 2017AcceptedNotes: © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. Subjects: Technology > Electrical engineering. Electronics Nuclear engineering Department: Faculty of Science > Computer and Information Sciences Depositing user: Pure Administrator Date deposited: 15 Jan 2018 14:47 Last modified: 21 Dec 2024 01:04 Related URLs: URI: https://strathprints.strath.ac.uk/id/eprint/62863