How Explanation Adequacy of Security Policy Changes Decreases Organizational Computer Abuse

Proceedings of the 9th Annual Special Interest Group on Human-Computer Interaction 2010 Pre-ICIS Workshop at the International Conference on System Sciences, St. Louis, Missouri, USA, December 12, paper 14, pp. 1-5

7 Pages Posted: 30 Jun 2013

See all articles by Clay Posey

Clay Posey

University of Central Florida

Tom Roberts

University of Kansas - School of Business

Paul Benjamin Lowry

Virginia Tech - Pamplin College of Business

Becky Bennett

Louisiana Tech University - Department of Management and Information Systems

Date Written: December 12, 2010

Abstract

We use Fairness Theory to help explain why sometimes security policy sometimes backfire and increase security violations. Explanation adequacy — a key component of Fairness Theory — is expected to increase employees’ trust in their organization. This trust should decrease internal computer abuse incidents following the implementation of security changes.The results of our analysis provide support for Fairness Theory as applied to our context of computer abuse. First, the simple act of giving employees advance notification for future information security changes positively influences employees’ perceptions of organizational communication efforts. The adequacy of these explanations is also buoyed by SETA programs. Second, explanation adequacy and SETA programs work in unison to foster organizational trust. Finally, organizational trust significantly decreases internal computer abuse incidents. Our findings show how organizational communication can influence the overall effectiveness of information security changes among employees and how organizations can avoid becoming victim to their own efforts.

Keywords: fairness theory, computer abuse, organizational trust, security training and awareness, explanation adequacy

Suggested Citation

Posey, Clay and Roberts, Tom and Lowry, Paul Benjamin and Bennett, Becky, How Explanation Adequacy of Security Policy Changes Decreases Organizational Computer Abuse (December 12, 2010). Proceedings of the 9th Annual Special Interest Group on Human-Computer Interaction 2010 Pre-ICIS Workshop at the International Conference on System Sciences, St. Louis, Missouri, USA, December 12, paper 14, pp. 1-5, Available at SSRN: https://ssrn.com/abstract=2287400

Clay Posey

University of Central Florida ( email )

4000 Central Florida Blvd
Orlando, FL 32816-1400
United States

Tom Roberts

University of Kansas - School of Business ( email )

1300 Sunnyside Avenue
Lawrence, KS 66045
United States

Paul Benjamin Lowry (Contact Author)

Virginia Tech - Pamplin College of Business ( email )

1016 Pamplin Hall
Blacksburg, VA 24061
United States

Becky Bennett

Louisiana Tech University - Department of Management and Information Systems ( email )

United States

Do you have negative results from your research you’d like to share?

Paper statistics

Downloads
35
Abstract Views
604
PlumX Metrics