Inglesant, PG and Sasse, MA (2011) Information Security as Organizational Power: A framework for re-thinking security policies. In: Proceedings of 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST 2011). (pp. 9 - 16).
![[img]](/style/images/fileicons/application_pdf.png) | PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader 319Kb |
Abstract
Successful enforcement of information security requires an understanding of a complex interplay of social and technological forces. We focus on organizational security policies, and on power in organizations, drawing on socio-technical literature to develop an analytical framework. We present three case studies from a large empirical study in an international company including 55 interviews with staff members at all levels; each study highlights a different aspect of our framework. We suggest ways in which our framework enables existing security policies to be re-thought. We conclude by showing how our findings complement recent research in the institutional economics of information security.
| Type: | Proceedings paper |
|---|---|
| Title: | Information Security as Organizational Power: A framework for re-thinking security policies. |
| Event: | 1st Workshop on Socio-Technical Aspects in Security and Trust (STAST 2011) |
| Location: | Milan, Italy |
| Dates: | 2011-09-06 - 2011-09-08 |
| Open access status: | An open access version is available from UCL Discovery |
| Keywords: | information security, organizations, Actor-Networks, socio-technical systems |
| UCL classification: | UCL > School of BEAMS > Faculty of Engineering Science > Computer Science |
View download statistics for this itemArchive Staff Only: edit this record