UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

Employee rule breakers, excuse makers and security champions: Mapping the risk perceptions and emotions that drive security behaviors

Beris, O; Beautement, A; Sasse, MA; (2015) Employee rule breakers, excuse makers and security champions: Mapping the risk perceptions and emotions that drive security behaviors. In: Somayaji, A and Van Oorschot, P and Böhme, R and Mannan, M, (eds.) NSPW '15: Proceedings of the 2015 New Security Paradigms Workshop. (pp. pp. 73-84). Association for Computing Machinery (ACM): New York, NY, USA. Green open access

[img]
Preview
Text
NSPW2015PostProceedingsFinal1ACM.pdf - ["content_typename_Published version" not defined]

Download (562kB) | Preview

Abstract

We introduce a new methodology for identifying the factors that drive employee security behaviors in organizations, based on a wellknown paradigm from psychology, the Johari Window. An analysis of 93 interviews with staff from 2 multinational organizations revealed that security behavior is driven by a combination of risk understanding and emotional stance towards security policy. Furthermore, we found that a quantitative analysis of these dimensions is capable of differentiating between the staff populations of the two organizations. Organization B showed a healthier set of security behaviors, as a result of its employees having better risk understanding and a more positive emotional stance. The framework distinguishes between 16 theoretical behavioral types, (3 of which are rule breakers, excuse makers and security champions). It can be used to identify groups of employees that potentially pose a risk to the organization, as well as those with beneficial skills and expertise. This allows highly specific messages to be targeted to change the risk perception and emotional stance of such groups. Assuming the organization has ensured security hygiene (i.e. its policies can be complied with in the context of productive activity), this can shift behavior towards compliance. Our framework thus offers diagnostic and intervention-shaping tools for the next step in improving security culture.

Type: Proceedings paper
Title: Employee rule breakers, excuse makers and security champions: Mapping the risk perceptions and emotions that drive security behaviors
Event: 2015 New Security Paradigms Workshop
ISBN-13: 9781450337540
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/2841113.2841119
Publisher version: http://dx.doi.org/10.1145/2841113.2841119
Language: English
Additional information: Copyright is held by the owner/author(s). Publication rights licensed to ACM.
UCL classification: UCL > School of BEAMS
UCL > School of BEAMS > Faculty of Engineering Science
URI: http://discovery.ucl.ac.uk/id/eprint/1475820
Downloads since deposit
81Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item