Information security policies (ISP) that are not grounded in the realities of an employee's work responsibilities and priorities expose organizations to higher risk for data breaches, according to new research from Binghamton University, State University of New York.