I believe that perceived usefulness and perceived ease of use are both very important when it comes to making a new security policy change in your company. For example, here at my company they have been talking about possibly taking local administrator accounts away from faculty and staff members because there have been too many machines infected with malware.
Currently the policy is that if you are a faculty or staff member, you are made an administrator when you receive your computer. So faculty and staff can download any programs they please, even if they may be malicious. There have been rare instances where one machine was so infected that it was trying to spread the infection by talking to other machines over our network. This could have been a disaster if this one computer had infected multiple other machines.
Due to this, a new policy may be implemented to remove admin rights and only give faculty and staff a list of approved programs that we allow them to install. The perceived usefulness for our IT department is that it will stop possible infected computers from infecting more computers over our network. The ease of use of implementing this would be very simple.
However, the perceived usefulness of this policy change for faculty and staff is more of a negative because they are losing admin rights and privileges. Even though we are trying to protect them from malware and viruses, this is a downside for them. The perceived ease of use of this change for the faculty and staff would be somewhat stressful because they would need to call the IT department every time they need to download something that has not been approved on our list of programs.
This is where a company has to weigh ease of use versus security. How safe do we want our computers and network to be, and at what cost to the user? This policy change has been in talks for quite some time now, but the department is worried that there may be too much user retention because the ease of use when downloading programs would be restricted.