From usable design characteristics to usable information security policies: a reconceptualisation


Bibliographic Details
Main Authors: Lawo Dennis, Stevens Gunnar
Format: Article
Language:English
Published: De Gruyter 2025-03-01
Series:i-com
Online Access:https://doi.org/10.1515/icom-2024-0066
Description
Summary: Information Security Policies (ISPs) are crucial artefacts in organisations, governments, and civil societies for mitigating information security threats and risks. However, poorly designed ISPs can lead to hidden costs and decreased compliance in daily practice. While behavioural factors such as social norms, positive attitudes, and knowledge are well known to influence compliance, the usability of ISPs, which takes the context of use seriously, remains understudied. To address this, we introduce the concept of the Usable Information Security Policy (UISP). The concept is derived from the argument that usability is not just a property of the document's design, but a relational property of the ISP in a specific context of regulation. We argue that UISPs treat usability as an inherent feature of policies alongside compliance. From this follow an extended scope of content, adapted policy management methods, and strong alignment with the context of regulation. Our research provides implications for theory and practice. By offering a new concept for engagement, including a research agenda, we give usable security research a new tool to strengthen protection at the interface between socio-technical contexts and artefacts. For practitioners, the concept provides first guidance on how to incorporate usability more strongly into otherwise formal policy-making processes.
ISSN:2196-6826