Why users (fail to) read computer usage policies
Abstract
Purpose
This paper aims to improve understanding of individuals' awareness and perceptions of computer usage policies (CUPs) and why individuals elect not to read these policies.
Design/methodology/approach
MBA students were asked to complete an online survey evaluating their behavioral intention to read CUPs, as well as their performance of this behavior. Factors contributing to the intention to read policies were also examined. The resulting data were analyzed with Smart PLS.
Findings
Results suggest that three factors influence individual intention to read CUPs. These factors include attitude, apathy, and social trust. The model explained about 70 percent of individual intention to read CUPs and about 44 percent of the variability in actually reading these policies.
Research limitations/implications
The sample is limited to MBA students from a single university.
Practical implications
Although written policy statements are often considered the cornerstone of computer security, many individuals elect not to read these policies. Thus, other methods of communication must be used.
Originality/value
This paper examines the reasons individuals elect not to read CUPs. Given the importance of these policies as deterrents to information systems misuse and computer crime, understanding why individuals fail to read policies is a critical first step in enhancing user knowledge of computer security.
Keywords
Citation
Bryan Foltz, C., Schwager, P.H. and Anderson, J.E. (2008), "Why users (fail to) read computer usage policies", Industrial Management & Data Systems, Vol. 108 No. 6, pp. 701-712. https://doi.org/10.1108/02635570810883969
Publisher
:Emerald Group Publishing Limited
Copyright © 2008, Emerald Group Publishing Limited