"Comply or Die" Is Dead: Long Live Security-Aware Principal Agents
Abstract
Information security has adapted to the modern collaborative organisational nature, and abandoned the “command-and-control” approaches of the past. But when it comes to managing employees’ information security behaviour, many organisations still use policies proscribing behaviour and sanctioning non-compliance. Whilst many organisations are aware that this “comply or die” approach does not work for modern enterprises where employees collaborate, share, and show initiative, they do not have an alternative approach to fostering secure behaviour. We present an interview analysis of 126 employees’ reasons for not complying with organisational policies, identifying the perceived conflict of security with productive activities as the key driver for non-compliance, and confirm the results using a survey of 1256 employees. We conclude that effective problem detection and security measure adaptation need to be de-centralised: employees are the principal agents who must decide how to implement security in specific contexts. But this requires a higher level of security awareness and skills than most employees currently have. Any campaign aimed at security behaviour needs to transform employees’ perception of their role in security, transforming them into security-aware principal agents.
Publication date: 2013