Have you met your organization's computer usage policy?

Abstract

PurposeThis paper aims to examine the effectiveness of computer usage policies in university settings.Design/methodology/approachStudents enrolled in business courses at three midwestern universities were divided, by class, into control and experimental groups. All subjects were asked to complete a survey regarding their awareness of university computer usage policies, consequences of misuse, and methods of policy distribution. The experimental group was exposed to sample computer usage policies. Two weeks later, all subjects were asked to complete the same survey again.FindingsResults suggest that most students have not read their university computer usage policies. However, the presence of a computer usage policy does influence students who have read those policies, but a single exposure is insufficient to influence all subjects.Research limitations/implicationsThe sample is limited to students from three universities.Practical implicationsWritten policy statements alone cannot serve as a cornerstone of security; multiple factors must be used to communicate the content of the deterrents.Originality/valueThis study notes that the existence of computer usage policies within a university (or organization) does not ensure that all users are familiar with the content of those policies and the penalties imposed for their violation. Providing a copy of computer usage policies to students (or employees) and verbally highlighting major points are not sufficient exposure to eliminate indifference about computer misuse.