Karppinen, IA;
(2016)
'Mission impossible': how conflicting security and productivity demands induce non-compliance with security policies.
Doctoral thesis , UCL (University College London).
Abstract
Safety and security policies are a vital part of protecting a range of organisational assets and personnel. Safety research though, has focused on avoiding major catastrophes (from nuclear to aviation) and attributing responsibility for causation of accidents at both individual and organisational levels (Reason, 1990). Accident causation models that come from high-risk industries have limited application to organisations in the security industry though, where procedural non-compliance rarely results in a major catastrophe. As noted in the previous research (Karppinen, 2010), they do not adequately explain why employee non-compliance exists. The information security field, however, has identified security requirements which impede task productivity as a significant factor (Beautement, Sasse and Wonham, 2008). This research is a case-study of non-compliance in a secure logistics organisation whose operations are underpinned by critical physical security rules and procedures. It expands on previous research (Karppinen, 2010), making this a unique longitudinal case-study. Across six of its branches, archival (228 security breaches) and direct security-related observations (262) were obtained. Second, 70 operational-level employees (couriers) and 15 managers completed a Q-sorting task and were interviewed. Finally, an intervention method that was grounded in the data collected was introduced. This addressed the primary causes of non-compliance in an attempt to trigger behaviour change. The intervention followed the persuasive technology approach, with persuasive messages delivered to 139 couriers over a four-week period via each courier’s existing communication device. There were 85 pre-intervention and 76 post-intervention surveys completed and 26 CCTV observations were carried out during the intervention. The results showed that the persuasive messaging did not affect security compliance. However, the research offers insights into compliance with physical security rules, concluding that achieving full compliance with a security policy is ‘mission impossible’ where that policy is not designed, implemented and delivered in a manner that aids compliance.
Type: | Thesis (Doctoral) |
---|---|
Title: | 'Mission impossible': how conflicting security and productivity demands induce non-compliance with security policies |
Event: | UCL (University College London) |
Language: | English |
UCL classification: | UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Security and Crime Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/1493172 |
Archive Staff Only
View Item |