Kirlappos, I;
Parkin, S;
Sasse, MA;
(2015)
"Shadow security" as a tool for the learning organization.
ACM SIGCAS Computers and Society
, 45
(1)
pp. 29-37.
10.1145/2738210.2738216.
Preview |
Text
Kirlappos%2C Parkin%2C Sasse - Shadow Security-nocop.pdf Download (472kB) | Preview |
Abstract
Traditionally, organizations manage information security through policies and mechanisms that employees are expected to comply with. Non-compliance with security is regarded as undesirable, and often sanctions are threatened to deter it. But in a recent study, we identified a third category of employee security behavior: shadow security. This consists of workarounds employees devise to ensure primary business goals are achieved; they also devise their own security measures to counter the risks they understand. Whilst not compliant with official policy, and sometimes not as secure as employees think, shadow security practices reflect the working compromise staff find between security and "getting the job done". We add to this insight in this paper by discussing findings from a new interview study in a different organization. We identified additional shadow security practices, and show how they can be transformed into effective and productivity-enabling security solutions, within the framework of a learning organization.
Type: | Article |
---|---|
Title: | "Shadow security" as a tool for the learning organization |
Location: | USA |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1145/2738210.2738216 |
Publisher version: | http://dx.doi.org/10.1145/2738210.2738216 |
Language: | English |
Additional information: | © Kirlappos, Parkin, Sasse, ACM 2015. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in SIGCAS Computers & Society, http://dx.doi.org/10.1145/2738210.2738216. |
Keywords: | Information security management, Compliance, Security design |
UCL classification: | UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/1462481 |
Archive Staff Only
View Item |