UCL logo

UCL Discovery

UCL home » Library Services » Electronic resources » UCL Discovery

'Mission impossible': how conflicting security and productivity demands induce non-compliance with security policies

Karppinen, IA; (2016) 'Mission impossible': how conflicting security and productivity demands induce non-compliance with security policies. Doctoral thesis , UCL (University College London).

Full text not available from this repository.

Abstract

Safety and security policies are a vital part of protecting a range of organisational assets and personnel. Safety research though, has focused on avoiding major catastrophes (from nuclear to aviation) and attributing responsibility for causation of accidents at both individual and organisational levels (Reason, 1990). Accident causation models that come from high-risk industries have limited application to organisations in the security industry though, where procedural non-compliance rarely results in a major catastrophe. As noted in the previous research (Karppinen, 2010), they do not adequately explain why employee non-compliance exists. The information security field, however, has identified security requirements which impede task productivity as a significant factor (Beautement, Sasse and Wonham, 2008). This research is a case-study of non-compliance in a secure logistics organisation whose operations are underpinned by critical physical security rules and procedures. It expands on previous research (Karppinen, 2010), making this a unique longitudinal case-study. Across six of its branches, archival (228 security breaches) and direct security-related observations (262) were obtained. Second, 70 operational-level employees (couriers) and 15 managers completed a Q-sorting task and were interviewed. Finally, an intervention method that was grounded in the data collected was introduced. This addressed the primary causes of non-compliance in an attempt to trigger behaviour change. The intervention followed the persuasive technology approach, with persuasive messages delivered to 139 couriers over a four-week period via each courier’s existing communication device. There were 85 pre-intervention and 76 post-intervention surveys completed and 26 CCTV observations were carried out during the intervention. The results showed that the persuasive messaging did not affect security compliance. However, the research offers insights into compliance with physical security rules, concluding that achieving full compliance with a security policy is ‘mission impossible’ where that policy is not designed, implemented and delivered in a manner that aids compliance.

Type: Thesis (Doctoral)
Title: 'Mission impossible': how conflicting security and productivity demands induce non-compliance with security policies
Event: UCL (University College London)
Language: English
UCL classification: UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
URI: http://discovery.ucl.ac.uk/id/eprint/1493172
Downloads since deposit
0Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item