Demjaha, Albesë;
Pym, David;
Caulfield, Tristan;
Parkin, Simon;
(2024)
‘The trivial tickets build the trust’: a co-design approach to understanding security support interactions in a large university.
Journal of Cybersecurity
, 10
(1)
, Article tyae007. 10.1093/cybsec/tyae007.
Preview |
Text
Pym_The trivial tickets build the trust_VoR.pdf Download (1MB) | Preview |
Abstract
Increasingly, organizations are acknowledging the importance of human factors in the management of security in workplaces. There are challenges in managing security infrastructures in which there may be centrally mandated and locally managed initiatives to promote secure behaviours. We apply a co-design methodology to harmonize employee behaviour and centralized security management in a large university. This involves iterative rounds of interviews connected by the co-design methodology: 14 employees working with high-value data with specific security needs; seven support staff across both local and central IT and IT-security support teams; and two senior security decision-makers in the organization. We find that employees prefer local support together with assurances that they are behaving securely, rather than precise instructions that lack local context. Trust in support teams that understand local needs also improves engagement, especially for employees who are unsure what to do. Policy is understood by employees through their interactions with support staff and when they see colleagues enacting secure behaviours in the workplace. The iterative co-design approach brings together the viewpoints of a range of employee groups and security decision-makers that capture key influences that drive secure working practices. We provide recommendations for improvements to workplace security, including recognizing that communication of the policy is as important as what is in the policy.
| Type: | Article |
|---|---|
| Title: | ‘The trivial tickets build the trust’: a co-design approach to understanding security support interactions in a large university |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1093/cybsec/tyae007 |
| Publisher version: | https://doi.org/10.1093/cybsec/tyae007 |
| Language: | English |
| Additional information: | © The Author(s) 2024. Published by Oxford University Press. This is an Open Access article distributed under the terms of the Creative Commons Attribution-NonCommercial-NoDerivs License (https://creativecommons.org/licenses/by-nc-nd/4.0/). |
| Keywords: | Security, Users, Policy, Management, Modelling, Co-design, Translation Zone |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/10192658 |
Archive Staff Only
 |
View Item |
