UCL Discovery

The compliance budget: Managing security behaviour in organisations

Beautement, A; Sasse, MA; Wonham, M; (2008) The compliance budget: Managing security behaviour in organisations. In: NSPW'08: Proceedings of the 2008 workshop on new security paradigms workshop. (pp. 47 - 58). Association for Computing Machinery. Green open access.




A significant number of security breaches result from employees’ failure to comply with security policies. Many organizations have tried to change or influence security behaviour, but found it a major challenge. Drawing on previous research on usable security and economics of security, we propose a new approach to managing employee security behaviour. We conducted interviews with 17 employees from two major commercial organizations, asking why they do or don’t comply with security policies. Our results show that key factors in the compliance decision are the actual and anticipated cost and benefits of compliance to the individual employee, and perceived cost and benefits to the organization. We present a new paradigm – the Compliance Budget – as a means of understanding how individuals perceive the costs and benefits of compliance with organisational security goals, and identify a range of approaches that security managers can use to influence employees’ perceptions (which, in turn, influence security behaviour). The Compliance Budget should be understood and managed in the same way as any financial budget, as compliance directly affects, and can place a cap on, effectiveness of organisational security measures.

Type: Proceedings paper
Title: The compliance budget: Managing security behaviour in organisations
Event: New Security Paradigms Workshop 2008
Location: Lake Tahoe, California, USA
Dates: 2008-09-22 - 2008-09-25
ISBN-13: 9781605583419
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/1595676.1595684
Publisher version: http://dx.doi.org/10.1145/1595676.1595684
Language: English
Additional information: "© ACM 2004. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in Proceedings of the 2008 workshop on New security paradigms, http://dx.doi.org/10.1145/1595676.1595684."
Keywords: Security policies, security behaviour, compliance budget, compliance
UCL classification: UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/1301853