Ambiguity as a Barrier to Information Security Policy Compliance: A Content Analysis

Submitted by grigby1 on Mon, 11/20/2017 - 12:25pm

Title	Ambiguity as a Barrier to Information Security Policy Compliance: A Content Analysis
Publication Type	Conference Paper
Year of Publication	2016
Authors	Buthelezi, M. P., Poll, J. A. van der, Ochola, E. O.
Conference Name	2016 International Conference on Computational Science and Computational Intelligence (CSCI)
Date Published	dec
ISBN Number	978-1-5090-5510-4
Keywords	Collaboration, Content analysis, Education, educational institution, Educational institutions, governance, Government, Guidelines, Information security, information security policy compliance, Information services, InfoSec policy document, institutional information resources, Natural languages, policy, Policy ambiguity, Policy clarity, Policy human aspects, policy-based governance, pubcrawl, security of data, security policies, Security policy compliance, Software, South Africa, text analysis, usable security
Abstract	Institutions use the information security (InfoSec) policy document as a set of rules and guidelines to govern the use of the institutional information resources. However, a common problem is that these policies are often not followed or complied with. This study explores the extent to which the problem lies with the policy documents themselves. The InfoSec policies are documented in the natural languages, which are prone to ambiguity and misinterpretation. Subsequently such policies may be ambiguous, thereby making it hard, if not impossible for users to comply with. A case study approach with a content analysis was conducted. The research explores the extent of the problem by using a case study of an educational institution in South Africa.
URL	https://ieeexplore.ieee.org/document/7881547/
DOI	10.1109/CSCI.2016.0254
Citation Key	buthelezi_ambiguity_2016

Groups:

Science of Security VO