Routes to security compliance: Be good or be shamed?

Mark Harris, Steven Furnell

Research output: Contribution to journalArticlepeer-review

17 Scopus citations


Information security can benefit from multiple approaches to achieve staff compliance. While some people naturally accept their responsibilities, others require encouragement to stay on the right path. One potential factor is the desire to avoid feeling shamed by managers or peers. Mark Harris and Steven Furnell examine the potential of shaming as a means of dissuading employees from breaching policy, using original research. The results reveal that shaming could indeed have a positive influence, but there are also potential risks involved. It is widely recognised that security cannot succeed through technology alone and therefore won't work unless people are on board. Many organisations consequently face the questions of how to get staff to understand their roles when it comes to security, and then to enact their security responsibilities. This, of course, presents them with a situation for which there are multiple right answers, as well as several techniques that are less likely to be successful in some contexts. As such, it is worth understanding the techniques that are likely to have value.

Original languageEnglish (US)
Pages (from-to)12-20
Number of pages9
JournalComputer Fraud and Security
Issue number12
StatePublished - Dec 1 2012
Externally publishedYes

ASJC Scopus subject areas

  • Computer Science(all)
  • Law


Dive into the research topics of 'Routes to security compliance: Be good or be shamed?'. Together they form a unique fingerprint.

Cite this