Beris, O;
Beautement, A;
Sasse, MA;
(2015)
Employee rule breakers, excuse makers and security champions: Mapping the risk perceptions and emotions that drive security behaviors.
In: Somayaji, A and Van Oorschot, P and Böhme, R and Mannan, M, (eds.)
NSPW '15: Proceedings of the 2015 New Security Paradigms Workshop.
(pp. pp. 73-84).
Association for Computing Machinery (ACM): New York, NY, USA.
Preview |
Text
NSPW2015PostProceedingsFinal1ACM.pdf - Published Version Download (562kB) | Preview |
Abstract
We introduce a new methodology for identifying the factors that drive employee security behaviors in organizations, based on a wellknown paradigm from psychology, the Johari Window. An analysis of 93 interviews with staff from 2 multinational organizations revealed that security behavior is driven by a combination of risk understanding and emotional stance towards security policy. Furthermore, we found that a quantitative analysis of these dimensions is capable of differentiating between the staff populations of the two organizations. Organization B showed a healthier set of security behaviors, as a result of its employees having better risk understanding and a more positive emotional stance. The framework distinguishes between 16 theoretical behavioral types, (3 of which are rule breakers, excuse makers and security champions). It can be used to identify groups of employees that potentially pose a risk to the organization, as well as those with beneficial skills and expertise. This allows highly specific messages to be targeted to change the risk perception and emotional stance of such groups. Assuming the organization has ensured security hygiene (i.e. its policies can be complied with in the context of productive activity), this can shift behavior towards compliance. Our framework thus offers diagnostic and intervention-shaping tools for the next step in improving security culture.
| Type: | Proceedings paper |
|---|---|
| Title: | Employee rule breakers, excuse makers and security champions: Mapping the risk perceptions and emotions that drive security behaviors |
| Event: | 2015 New Security Paradigms Workshop |
| ISBN-13: | 9781450337540 |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1145/2841113.2841119 |
| Publisher version: | http://dx.doi.org/10.1145/2841113.2841119 |
| Language: | English |
| Additional information: | Copyright is held by the owner/author(s). Publication rights licensed to ACM. |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/1475820 |
Archive Staff Only
 |
View Item |
