Inglesant, PG and Sasse, MA (2011) Information Security as Organizational Power: A framework for re-thinking security policies. In: Proceedings of 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST 2011). (pp. 9 - 16).
|PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader|
Successful enforcement of information security requires an understanding of a complex interplay of social and technological forces. We focus on organizational security policies, and on power in organizations, drawing on socio-technical literature to develop an analytical framework. We present three case studies from a large empirical study in an international company including 55 interviews with staff members at all levels; each study highlights a different aspect of our framework. We suggest ways in which our framework enables existing security policies to be re-thought. We conclude by showing how our findings complement recent research in the institutional economics of information security.
|Title:||Information Security as Organizational Power: A framework for re-thinking security policies.|
|Event:||1st Workshop on Socio-Technical Aspects in Security and Trust (STAST 2011)|
|Dates:||2011-09-06 - 2011-09-08|
|Open access status:||An open access version is available from UCL Discovery|
|Keywords:||information security, organizations, Actor-Networks, socio-technical systems|
|UCL classification:||UCL > School of BEAMS > Faculty of Engineering Science > Computer Science|
View download statistics for this item
Activity - last month
Activity - last 12 months
Archive Staff Only: edit this record