UCL Discovery
UCL home » Library Services » Electronic resources » UCL Discovery

"Shadow security" as a tool for the learning organization

Kirlappos, I; Parkin, S; Sasse, MA; (2015) "Shadow security" as a tool for the learning organization. ACM SIGCAS Computers and Society , 45 (1) pp. 29-37. 10.1145/2738210.2738216. Green open access

[thumbnail of Kirlappos%2C Parkin%2C Sasse - Shadow Security-nocop.pdf]
Preview
Text
Kirlappos%2C Parkin%2C Sasse - Shadow Security-nocop.pdf

Download (472kB) | Preview

Abstract

Traditionally, organizations manage information security through policies and mechanisms that employees are expected to comply with. Non-compliance with security is regarded as undesirable, and often sanctions are threatened to deter it. But in a recent study, we identified a third category of employee security behavior: shadow security. This consists of workarounds employees devise to ensure primary business goals are achieved; they also devise their own security measures to counter the risks they understand. Whilst not compliant with official policy, and sometimes not as secure as employees think, shadow security practices reflect the working compromise staff find between security and "getting the job done". We add to this insight in this paper by discussing findings from a new interview study in a different organization. We identified additional shadow security practices, and show how they can be transformed into effective and productivity-enabling security solutions, within the framework of a learning organization.

Type: Article
Title: "Shadow security" as a tool for the learning organization
Location: USA
Open access status: An open access version is available from UCL Discovery
DOI: 10.1145/2738210.2738216
Publisher version: http://dx.doi.org/10.1145/2738210.2738216
Language: English
Additional information: © Kirlappos, Parkin, Sasse, ACM 2015. This is the author's version of the work. It is posted here for your personal use. Not for redistribution. The definitive Version of Record was published in SIGCAS Computers & Society, http://dx.doi.org/10.1145/2738210.2738216.
Keywords: Information security management, Compliance, Security design
UCL classification: UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science
UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science
URI: https://discovery.ucl.ac.uk/id/eprint/1462481
Downloads since deposit
873Downloads
Download activity - last month
Download activity - last 12 months
Downloads by country - last 12 months

Archive Staff Only

View Item View Item