A Multimedia Approach to Reducing Complexity of Information Security Policies

  • Ahamya William Mbarara University of Science and Technology (MUST)
  • Dr. Drake Patrick Mirembe (PhD) Makerere University
  • Jude Lubega (PhD) Nkumba University
Keywords: Information Security Policies, Compliance, Multimedia, Business Process Modeling, Information Systems Security Policies, IT security

Abstract

The study set out to design a multi-media approach to guide developers develop Information Security (IS) Policies that are easy to read, interpret and understand as a means to improving compliance to security procedures. This was prompted by low levels of compliance to Information Security policies in different organizations. Using surveys and online interviews, the approach requirements were established and from these requirements, a multi-media approach to enhancing compliance to IS policies was designed and evaluated. The evaluation showed that the multi-media approach was indeed effective in designing and communicating information security policies in ways end users easily, read, interpret and understand.  To this effect, users generally indicated that the approach allows sharing of Information security policies through different native platforms like Facebook, WhatsApp, Twitter and others, depending on distinctive organizations. They also indicated that after using the approach, it is easy to recall the policies overtime and that using the approach is eye catching as it picks the users’ interest in the policy. The study respondents further noted that using multi-media developed policies takes a shorter time to read, interpret and understand compared to using written policies.

It was further established that the approach is usable and useful. The study however found that the different approaches being used do not fulfill the good attributes of a policy which enhance compliance that include;

  1. It should be written in clear and straight language, that is to say, the use of common man’s concept.
  2. It should not be too big; that is to say, it should not be bulky.
  3. It should be presented in instructive and directive format.
  4. It should be accessible by stakeholder.

Furthermore, the written policies are hard to read, interpret and understand. For instance, using terms like “password salting” maybe hard to interpret and understand for users in different knowledge domains. Basing on the cognitive science/theory which states that human beings’ first language is vision and also the saying that goes, “one image/picture says a thousand words”, it is deducible that by using the multi-media approach, policy developers can develop policies that are easy to read, interpret and understand hence enhancing compliance and comprehension of Information Security Policies in organizations.

Published
2022-12-01
How to Cite
William, A., Mirembe (PhD), D. D. P., & Lubega (PhD), J. (2022). A Multimedia Approach to Reducing Complexity of Information Security Policies. International Journal of Technology and Management, 7(2), 1-11. Retrieved from https://utamu.ac.ug/ijotm/index.php/ijotm/article/view/106
Issue
Vol 7 No 2 (2022): IJOTM
Section
Articles