U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

PSYCHO-SOCIAL FACTORS IN THE IMPLEMENTATION OF INFORMATION SECURITY POLICY

NCJ Number
145856
Journal
NCSA News Volume: 4 Issue: 5 Dated: (September/October 1993) Pages: 4-7
Author(s)
M E Kabay
Date Published
1993
Length
4 pages
Annotation
Security policies and procedures affect not only what people do but also how they view themselves, their colleagues, and the world; despite these psychosocial issues, security personnel do not always consider what is known about social psychology.
Abstract
Information security specialists concur that security depends on people more than on technology. Therefore, improving security depends on changing beliefs, attitudes, and behaviors of both individuals and groups. Social psychology contributes to the understanding of how best to work with human predilections and predispositions. In the area of social cognition, schemas represent self-consistent views of reality, but security policies and procedures often conflict with people's schemas. Schemas also influence what individuals perceive and what they remember. Research on counterintuitive information indicates that people's judgments are influenced by the manner in which information is presented. These judgments are easily distorted by the tendency to rely on personal anecdotes, small samples, easily available information, and faulty interpretation of statistical information. Security program implementation must engage not only the rational mind but also people's imaginations and emotions. The psychological distinction between beliefs and attitudes is examined, and techniques of persuasion and attitude change are described.