John M Blythe, Lynne Coventry, Linda Little
The body of research that focuses on employees’ Information Security Policy compliance is problematic as it treats compliance as a single behavior. This study explored the underlying behavioral context of information security in the workplace, examining how individual and organizational factors influence the interplay of the motivations and barriers of security behaviors. Investigating factors that had previously been explored in security research, 20 employees from two organizations were interviewed and the data was analyzed using framework analysis. The analysis indicated that there were seven themes pertinent to information security: Response Evaluation, Threat Evaluation, Knowledge, Experience, Security Responsibility, Personal and Work Boundaries, and Security Behavior. The findings suggest that these differ by security behavior and by the nature of the behavior (e.g., on- and offline). Conclusions are discussed, highlighting barriers to security actions and implications for future research and workplace practice.
Date: July 23, 2015
Presented: 11th Symposium on Usable Privacy and Security (SOUPS), July 22-24, 2015, Ottawa, Canada, USENIX Association.
Published: SOUPS 2015 Proceedings: 11th Symposium on Usable Privacy and Security (SOUPS), July 22-24, 2015, Ottawa, Canada, USENIX Association.
Publisher URL: https://www.usenix.org/conference/soups2015/proceedings/presentation/blythe
Open Access: https://www.usenix.org/system/files/conference/soups2015/soups15-paper-blythe.pdf