Are users on board with information security practices?

Ajouter à mon PDF personnalisé

Measuring User Satisfaction with Information Security Practices.

Successful information security depends upon effective technical components, but also on proper interaction with those tools by human users. Measuring user satisfaction is one way to evaluate whether people are following information security practices, and why. Higher levels of user satisfaction are often connected with more effective use of the information systems. Accordingly, understanding what features improve user satisfaction might also inform system designs that are both functional and accessible.

This study surveyed more than 170 corporate information system users in Brazil. To explore individual security behaviours, the survey elaborated on the ideas from several theories of motivation. For information security system practices, this includes features such as usability and perceptions of system performance.

The findings show that people know why information security practices are important. Users understand there is some benefit from information system security. However, users are also wary of potentially complex security controls, which may make it harder for them to get their work done. Complex information security practices are seen as barriers and are related to lower user satisfaction. However, several features of information systems are related to higher user satisfaction:

  • Information quality: e.g., reliability and completeness of information

  • System quality: e.g., user friendliness and response time

  • Support service e.g., quality, promptness and responsiveness

  • Work performance: e.g., increased efficiency, and

  • Work relationships: e.g., supports the social needs of the user.

Dissatisfied users can be a risk for protection, so ensuring user satisfaction is an important part of designing a successful information security system. Users can be engaged in security by being included in the development of corporate practices and policies, as well as through awareness policies and with engaging training. The survey developed in this study can be used to identify issues with user satisfaction and to formulate policies that align with both user and organisational needs.

Security measures that reduce the capacity of systems to satisfy user expectations are less effective because they can disengage users from security efforts.