UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

Information security as organizational power: A framework for re-thinking security policies

Inglesant, P; Sasse, MA; (2011) Information security as organizational power: A framework for re-thinking security policies. In: 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST). (pp. 9 - 16). IEEE Green open access

[img]PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
319Kb

Abstract

Successful enforcement of information security requires an understanding of a complex interplay of social and technological forces. Drawing on socio-technical literature to develop an analytical framework, we examine the relationship between security policies and power in organizations. We use our framework to study three examples of security policy from a large empirical study n an international company. Each example highlights a different aspect of our framework. Our results, from in-depth interviews with 55 staff members at all levels, show that there is often non-compliance in the detail of organizational information security policies; this is not willful but is in response to shortcomings in the policy and to meet business needs. We conclude by linking our findings to recent research on the institutional economics of information security. We suggest ways in which our framework can be used by organizational decision-makers to review and re-think existing security policies.

Type:Proceedings paper
Title:Information security as organizational power: A framework for re-thinking security policies
Event:1st Workshop on Socio-Technical Aspects in Security and Trust (STAST)
ISBN-13:978-1-4577-1181-7
Open access status:An open access version is available from UCL Discovery
DOI:10.1109/STAST.2011.6059250
Publisher version:http://dx.doi.org/10.1109/STAST.2011.6059250
Language:English
UCL classification:UCL > School of BEAMS > Faculty of Engineering Science > Computer Science

View download statistics for this item

Archive Staff Only: edit this record