Readability as a basis for information security policy assessment

Alkhurayyif, Yazeed and Weir, George R S (2017) Readability as a basis for information security policy assessment. In: Seventh IEEE International Conference on Emerging Security Technologies (EST). IEEE, Piscataway, NJ. ISBN 9781538640180

Accepted Author Manuscript

Abstract

Most organisations now impose information security policies (ISPs) or 'conditions of use' agreements upon their employees. The need to ensure that employees are informed and aware of their obligations toward information security is apparent. Less apparent is the correlation between the provision of such policies and their compliance. In this paper, we report our research into the factors that determine the efficacy of information security policies (ISPs). Policies should comprise rules or principles that users can easily understand and follow. Presently, there is no ready mechanism for estimating the likely efficacy of such policies across an organisation. One factor that has a plausible impact upon the comprehensibility of policies is their readability. The present study investigates the effectiveness of applying readability metrics as an indicator of policy comprehensibility. Results from a preliminary study reveal variations in the comprehension test results attributable to the difficulty of the examined policies. The pilot study shows some correlation between the software readability formula results and human comprehension test results and supports our view that readability has an impact upon understanding ISPs. These findings have important implications for users’ compliance with information security policies and suggest that the application of suitably selected readability metrics may allow policy designers to evaluate their draft policies for ease of comprehension prior to policy release. Indeed, there may be grounds for a readability compliance test that future ISPs must satisfy.