UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

Fixing Security Together: Leveraging trust relationships to improve security in organizations

Kirlappos, I; Sasse, MA; (2015) Fixing Security Together: Leveraging trust relationships to improve security in organizations. In: Proceedings of the NDSS Symposium 2015. Internet Society: San Diego, CA, USA. Green open access

[img] Text
Kirlappos-Usec2015.pdf
Available under License : See the attached licence file.

Download (713kB)

Abstract

Current approaches to information security focused on deploying security mechanisms, creating policies and communicating those to employees. Little consideration was given to how policies and mechanisms affect trust relationships in an organization, and in turn security behavior. Our analysis of 208 in-depth interviews with employees in two large multinational organizations found two trust relationships: between the organization and its employees (organization-employee trust), and between employees (inter-employee trust). When security interferes with employees’ ability to complete work tasks, they rely on inter-employee trust to overcome those obstacles (e.g. sharing a password with a colleague who is locked out of a system and urgently needs access). Thus, non-compliance is a collaborative action, which develops inter-employee trust further, as employees now become “partners in crime”. The existence of these two relationships also presents employees with a clear dilemma: either try to comply with cumbersome security (and honor organization-employee trust) or help their colleagues by violating security (preserving inter-employee trust). We conclude that designers of security policies and mechanisms need to support both types of trust, and discuss how to leverage trust to achieve effective security protection. This can enhance organizational cooperation to tackle security challenges, provide motivation for employees to behave securely, while also reducing the need for expensive physical and technical security mechanisms

Type: Proceedings paper
Title: Fixing Security Together: Leveraging trust relationships to improve security in organizations
Event: USEC 2015
Location: San Diego, California
Dates: 08 February 2015 - 11 February 2015
Open access status: An open access version is available from UCL Discovery
DOI: 10.14722/usec.2015.23013
Publisher version: http://dx.doi.org/10.14722/usec.2015.23013
Language: English
Additional information: Copyright © 2015 Internet Society. Permission to freely reproduce all or part of this paper for noncommercial purposes is granted provided that copies bear this notice and the full citation on the first page. Reproduction for commercial purposes is strictly prohibited without the prior written consent of the Internet Society, the first-named author (for reproduction of an entire paper only), and the author's employer if the paper was prepared within the scope of employment.
Keywords: Trust, Information security management, Compliance, Security design
UCL classification: UCL
UCL > Provost and Vice Provost Offices
UCL > Provost and Vice Provost Offices > UCL BEAMS
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
URI: https://discovery.ucl.ac.uk/id/eprint/1461243
Downloads since deposit
340Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item