7 research outputs found

    Evaluating readability as a factor in information security policies

    This thesis was previously held under moratorium from 26/11/19 to 26/11/21.
    Policies should be treated as rules or principles that individuals can readily comprehend and follow as a pre-requisite to any organisational requirement to obey and enact regulations. This dissertation attempts to highlight one of the important factors to consider before issuing any policy that staff members are required to follow. Presently, there is no ready mechanism for estimating the likely efficacy of such policies across an organisation. One factor that has a plausible impact upon the comprehensibility of policies is their readability. Researchers have designed a number of software readability metrics that evaluate how difficult a passage is to comprehend; yet, little is known about the impact of readability on the interpretation of information security policies and whether analysis of readability may prove to be a useful insight. This thesis describes the first study to investigate the feasibility of applying readability metrics as an indicator of policy comprehensibility through a mixed methods approach, with the formulation and implementation of a seven phase sequential exploratory fully mixed methods design. Each one was established in light of the outcomes from the previous phase. The methodological approach of this research study is one of the distinguishing characteristics reported in the thesis, which was as follows:
    * eight policies were selected (from a combination of academia and industry sector institutes);
    * specialists were asked for their insights on key policy elements;
    * focus group interviews were conducted;
    * comprehension tests were developed (Cloze tests);
    * a pilot study of comprehension tests was organised (preceded by a small-scale test);
    * a main study of comprehension tests was performed with 600 participants, reduced to 396 for validation;
    * a comparison was made of comprehension results against readability metrics.
    The results reveal that the traditional readability metrics are ineffective in predicting human estimation. Nevertheless, readability, as measured using a bespoke readability metric, may yield useful insight upon the likely difficulty that end-users may face in comprehending a written text. Thereby, our study aims to provide an effective approach to enhancing the comprehensibility of information security policies and afford a facility for future research in this area. The research contributes to our understanding of readability in general and offers an optimal technique to measure the readability in particular. We recommend immediate corrective actions to enhance the ease of comprehension for information security policies. In part, this may reduce instances where users avoid fully reading the information security policies, and may also increase the likelihood of user compliance. We suggest that the application of appropriately selected readability assessment may assist policy makers to test their draft policies for ease of comprehension before policy release. Indeed, there may be grounds for a readability compliance test that future information security policies must satisfy.

    Users' Information Security Awareness of Home Closed-Circuit Television Surveillance

    Closed-circuit television (CCTV) surveillance cameras are widely used in public and private areas around the world. They are primarily used for tracking individuals and preventing criminal activities. It is necessary to balance the benefits of video surveillance and the risks it poses to individuals' right to privacy. The existing studies raised privacy issues of installing CCTV in public places. However, there is a lack of studies investigating users’ awareness of information security and privacy limitations in installing CCTV in private places. Thus, in this study, the author evaluated users' information security awareness of the value of CCTV and other forms of video surveillance. In-person interviews were conducted in Riyadh province, Kingdom of Saudi Arabia. A total of 77 individuals responded to the interview. A qualitative analysis was conducted to evaluate the participants’ perception of CCTV usage. The outcome of the analysis revealed four themes: privacy invasion, privacy awareness, dilemmas in implementing security, and preventive measures. The findings revealed that the participants required strict privacy policies for installing CCTV video monitoring systems in private areas. In addition, they understood that CCTV is effectively reducing the fear of crime. The research contributes to understanding users' general awareness of information security and offers the necessary steps to protect the user's privacy in a CCTV surveillance environment. In addition, a data-sharing framework is recommended to share the data in a secure environment. Furthermore, researchers can utilize the study findings in conducting further similar investigative studies.

    Readability as a basis for information security policy assessment

    Most organisations now impose information security policies (ISPs) or 'conditions of use' agreements upon their employees. The need to ensure that employees are informed and aware of their obligations toward information security is apparent. Less apparent is the correlation between the provision of such policies and their compliance. In this paper, we report our research into the factors that determine the efficacy of information security policies (ISPs). Policies should comprise rules or principles that users can easily understand and follow. Presently, there is no ready mechanism for estimating the likely efficacy of such policies across an organisation. One factor that has a plausible impact upon the comprehensibility of policies is their readability. The present study investigates the effectiveness of applying readability metrics as an indicator of policy comprehensibility. Results from a preliminary study reveal variations in the comprehension test results attributable to the difficulty of the examined policies. The pilot study shows some correlation between the software readability formula results and human comprehension test results and supports our view that readability has an impact upon understanding ISPs. These findings have important implications for users’ compliance with information security policies and suggest that the application of suitably selected readability metrics may allow policy designers to evaluate their draft policies for ease of comprehension prior to policy release. Indeed, there may be grounds for a readability compliance test that future ISPs must satisfy

    Evaluating readability as a factor in information security policies

    Researchers have designed a number of software readability metrics that evaluate how difficult a passage is to comprehend; yet, little is known about the impact of readability on the interpretation of information security policies (ISPs) and whether experiment of readability may prove to be a useful factor. This paper examines and compares eight ISP documents on nine mechanical readability formula results with outcomes from a human-based comprehension test. The primary focus is to identify if we might rely on a software readability measure for assessing the difficulty of a text document in the domain of Information Security Policies. Our results reveal that traditional readability metrics are ineffective in predicting the human estimation. Nevertheless, readability, as measured using a bespoke readability metric, may yield useful insight upon the likely difficulty that end-users face in comprehending an ISP document. Thereby, our study aims to provide a means to enhance the comprehensibility of ISPs

    Investigating the Factors Influencing the Use of Cloud Computing

    Cloud computing technology is a new computing paradigm that has recently received significant attention from several research studies. However, the previous works have concentrated on the adoption of this technology, and limited studies focused on the factors influencing the intention to use it. Therefore, the proposed study developed a model to figure out these factors. This study used an online questionnaire to collect data. A total of 712 responses were received. Structural equation modelling was employed by using SmartPLS 3 software to analyse the collected data. The findings of this study indicate that awareness, user readiness, and satisfaction are important factors related to the use of cloud computing, while privacy seems to have no significant influence on the use of this technology. Thus, this study recommends that users attend courses and workshops to garner knowledge and understanding of cloud computing and hence become appropriately qualified to use it. Moreover, such courses and workshops will provide users with methods and techniques to protect their privacy, which should be given priority attention.

    National ID Cards

    The September 11 terrorist attacks changed the world; governments and many people became more and more concerned about their security. A number of countries have considered or are considering again their approach to a form of ID card. Despite the support for ID cards, there are growing fears about the possible loss of privacy and freedom, and that the new technology could increase police power more than it should. The main idea of this paper is to look at the main advantages and disadvantages of National ID cards, security properties of resident ID cards, possible threats and security features. Moreover, a number of alternative proposals to the National ID cards are mentioned.

    A comprehensive survey of techniques for developing an Arabic question answering system

    The question-answering system (QAS) aims to produce a response to a query using information from a text corpus. Arabic is a complex language. However, it has more than 450 million native speakers across the globe. The Saudi Arabian government encourages organizations to automate their routine activities to provide adequate services to their stakeholders. The performance of current Arabic QASs is limited to the specific domain. An effective QAS retrieves relevant responses from structured and unstructured data based on the user query. Many QAS studies categorized QASs according to factors, including user queries, dataset characteristics, and the nature of the responses. A more comprehensive examination of QASs is required to improve the QAS development according to the present QAS requirements. The current literature presents the features and classifications of the Arabic QAS. There is a lack of studies to report the techniques of Arabic QAS development. Thus, this study suggests a systematic literature review of strategies for developing Arabic QAS. A total of 617 articles were collected, and 40 papers were included in the proposed review. The outcome reveals the importance of the dataset and the deep learning techniques used to improve the performance of the QAS. The existing systems depend on supervised learning methods that lower QAS performance. In addition, the recent development of machine learning techniques encourages researchers to develop unsupervised QAS