Successful information security depends upon effective technical components, but also on proper interaction with those tools by human users. Measuring user satisfaction is one way to evaluate whether people are following information security practices, and why. Higher levels of user satisfaction are often connected with more effective use of the information systems. Accordingly, understanding what features improve user satisfaction might also inform system designs that are both functional and accessible.
This study surveyed more than 170 corporate information system users in Brazil. To explore individual security behaviours, the survey elaborated on the ideas from several theories of motivation. For information security system practices, this includes features such as usability and perceptions of system performance.
The findings show that people know why information security practices are important. Users understand there is some benefit from information system security. However, users are also wary of potentially complex security controls, which may make it harder for them to get their work done. Complex information security practices are seen as barriers and are related to lower user satisfaction. However, several features of information systems are related to higher user satisfaction:
Information quality: e.g., reliability and completeness of information
System quality: e.g., user friendliness and response time
Support service e.g., quality, promptness and responsiveness
Work performance: e.g., increased efficiency, and
Work relationships: e.g., supports the social needs of the user.
Security measures that reduce the capacity of systems to satisfy user expectations are less effective because they can disengage users from security efforts.