UCL Discovery

Fixing Security Together: Leveraging trust relationships to improve security in organizations

Kirlappos, I; Sasse, MA; (2015) Fixing Security Together: Leveraging trust relationships to improve security in organizations. In: Proceedings of the NDSS Symposium 2015. Internet Society: San Diego, CA, USA. Green open access

Available under License: See the attached licence file.


Abstract

Current approaches to information security focused on deploying security mechanisms, creating policies and communicating those to employees. Little consideration was given to how policies and mechanisms affect trust relationships in an organization, and in turn security behavior. Our analysis of 208 in-depth interviews with employees in two large multinational organizations found two trust relationships: between the organization and its employees (organization-employee trust), and between employees (inter-employee trust). When security interferes with employees’ ability to complete work tasks, they rely on inter-employee trust to overcome those obstacles (e.g. sharing a password with a colleague who is locked out of a system and urgently needs access). Thus, non-compliance is a collaborative action, which develops inter-employee trust further, as employees now become “partners in crime”. The existence of these two relationships also presents employees with a clear dilemma: either try to comply with cumbersome security (and honor organization-employee trust) or help their colleagues by violating security (preserving inter-employee trust). We conclude that designers of security policies and mechanisms need to support both types of trust, and discuss how to leverage trust to achieve effective security protection. This can enhance organizational cooperation to tackle security challenges, provide motivation for employees to behave securely, while also reducing the need for expensive physical and technical security mechanisms.

Type: Proceedings paper
Title: Fixing Security Together: Leveraging trust relationships to improve security in organizations
Event: USEC 2015
Location: San Diego, California
Dates: 08 February 2015 - 11 February 2015
Open access status: An open access version is available from UCL Discovery
DOI: 10.14722/usec.2015.23013
Publisher version: http://dx.doi.org/10.14722/usec.2015.23013
Language: English
Additional information: Copyright © 2015 Internet Society. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.
Keywords: Trust, Information security management, Compliance, Security design
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/1461243