TY - JOUR
T1 - Routes to security compliance
T2 - Be good or be shamed?
AU - Harris, Mark
AU - Furnell, Steven
PY - 2012/12/1
Y1 - 2012/12/1
N2 - Information security can benefit from multiple approaches to achieve staff compliance. While some people naturally accept their responsibilities, others require encouragement to stay on the right path. One potential factor is the desire to avoid feeling shamed by managers or peers. Mark Harris and Steven Furnell examine the potential of shaming as a means of dissuading employees from breaching policy, using original research. The results reveal that shaming could indeed have a positive influence, but there are also potential risks involved. It is widely recognised that security cannot succeed through technology alone and therefore won't work unless people are on board. Many organisations consequently face the questions of how to get staff to understand their roles when it comes to security, and then to enact their security responsibilities. This, of course, presents them with a situation for which there are multiple right answers, as well as several techniques that are less likely to be successful in some contexts. As such, it is worth understanding the techniques that are likely to have value.
AB - Information security can benefit from multiple approaches to achieve staff compliance. While some people naturally accept their responsibilities, others require encouragement to stay on the right path. One potential factor is the desire to avoid feeling shamed by managers or peers. Mark Harris and Steven Furnell examine the potential of shaming as a means of dissuading employees from breaching policy, using original research. The results reveal that shaming could indeed have a positive influence, but there are also potential risks involved. It is widely recognised that security cannot succeed through technology alone and therefore won't work unless people are on board. Many organisations consequently face the questions of how to get staff to understand their roles when it comes to security, and then to enact their security responsibilities. This, of course, presents them with a situation for which there are multiple right answers, as well as several techniques that are less likely to be successful in some contexts. As such, it is worth understanding the techniques that are likely to have value.
UR - http://www.scopus.com/inward/record.url?scp=84871396547&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84871396547&partnerID=8YFLogxK
U2 - 10.1016/S1361-3723(12)70122-7
DO - 10.1016/S1361-3723(12)70122-7
M3 - Article
AN - SCOPUS:84871396547
SN - 1361-3723
VL - 2012
SP - 12
EP - 20
JO - Computer Fraud and Security
JF - Computer Fraud and Security
IS - 12
ER -