Lawo, DennisStevens, Gunnar2024-08-212024-08-212024https://dl.gi.de/handle/20.500.12116/44274Effective information security policies are crucial for organisations to mitigate information security threats and risks. However, poorly designed information security policies can lead to hidden costs and decreased compliance in daily work routines. While behavioural factors like social norms, positive attitudes, and knowledge are well known to influence compliance, the usability of information security policies, which takes the context of use seriously, remains understudied,. To address this, we introduce the Information Security Policy Usability Scale (ISPUS), an adaptation of the widely recognised System Usability Scale (SUS). ISPUS assesses the usability of information security policies. Thereby, it supports both companies and works councils in ensuring the fit of the work context, individual skills, tools and the policy. By applying ergonomic principles, ISPUS aims to enhance information security policy design and support organisational security efforts.enhttp://purl.org/eprint/accessRights/RestrictedAccessInformation Security Policy Usability Scale: A Questionnaire for Evaluating the Usability of Information Security PoliciesText/Workshop Paper10.18420/muc2024-mci-ws13-135