How Explanation Adequacy of Security Policy Changes Decreases Organizational Computer Abuse
Proceedings of the 9th Annual Special Interest Group on Human-Computer Interaction 2010 Pre-ICIS Workshop at the International Conference on System Sciences, St. Louis, Missouri, USA, December 12, paper 14, pp. 1-5
7 Pages Posted: 30 Jun 2013
Date Written: December 12, 2010
Abstract
We use Fairness Theory to help explain why sometimes security policy sometimes backfire and increase security violations. Explanation adequacy — a key component of Fairness Theory — is expected to increase employees’ trust in their organization. This trust should decrease internal computer abuse incidents following the implementation of security changes.The results of our analysis provide support for Fairness Theory as applied to our context of computer abuse. First, the simple act of giving employees advance notification for future information security changes positively influences employees’ perceptions of organizational communication efforts. The adequacy of these explanations is also buoyed by SETA programs. Second, explanation adequacy and SETA programs work in unison to foster organizational trust. Finally, organizational trust significantly decreases internal computer abuse incidents. Our findings show how organizational communication can influence the overall effectiveness of information security changes among employees and how organizations can avoid becoming victim to their own efforts.
Keywords: fairness theory, computer abuse, organizational trust, security training and awareness, explanation adequacy
Suggested Citation: Suggested Citation