Routes to security compliance: Be good or be shamed?

Mark Alan Harris, Steven Furnell

Research output: Contribution to journalArticle

10 Citations (Scopus)

Abstract

Information security can benefit from multiple approaches to achieve staff compliance. While some people naturally accept their responsibilities, others require encouragement to stay on the right path. One potential factor is the desire to avoid feeling shamed by managers or peers. Mark Harris and Steven Furnell examine the potential of shaming as a means of dissuading employees from breaching policy, using original research. The results reveal that shaming could indeed have a positive influence, but there are also potential risks involved. It is widely recognised that security cannot succeed through technology alone and therefore won't work unless people are on board. Many organisations consequently face the questions of how to get staff to understand their roles when it comes to security, and then to enact their security responsibilities. This, of course, presents them with a situation for which there are multiple right answers, as well as several techniques that are less likely to be successful in some contexts. As such, it is worth understanding the techniques that are likely to have value.

Original languageEnglish (US)
Pages (from-to)12-20
Number of pages9
JournalComputer Fraud and Security
Volume2012
Issue number12
DOIs
StatePublished - Dec 1 2012
Externally publishedYes

Fingerprint

Security of data
Managers
Personnel
staff
responsibility
employee
manager
Compliance
Values

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Cite this

Routes to security compliance : Be good or be shamed? / Harris, Mark Alan; Furnell, Steven.

In: Computer Fraud and Security, Vol. 2012, No. 12, 01.12.2012, p. 12-20.

Research output: Contribution to journalArticle

Harris, Mark Alan ; Furnell, Steven. / Routes to security compliance : Be good or be shamed?. In: Computer Fraud and Security. 2012 ; Vol. 2012, No. 12. pp. 12-20.
@article{0893e14719674385ab4869397053f0ed,
title = "Routes to security compliance: Be good or be shamed?",
abstract = "Information security can benefit from multiple approaches to achieve staff compliance. While some people naturally accept their responsibilities, others require encouragement to stay on the right path. One potential factor is the desire to avoid feeling shamed by managers or peers. Mark Harris and Steven Furnell examine the potential of shaming as a means of dissuading employees from breaching policy, using original research. The results reveal that shaming could indeed have a positive influence, but there are also potential risks involved. It is widely recognised that security cannot succeed through technology alone and therefore won't work unless people are on board. Many organisations consequently face the questions of how to get staff to understand their roles when it comes to security, and then to enact their security responsibilities. This, of course, presents them with a situation for which there are multiple right answers, as well as several techniques that are less likely to be successful in some contexts. As such, it is worth understanding the techniques that are likely to have value.",
author = "Harris, {Mark Alan} and Steven Furnell",
year = "2012",
month = "12",
day = "1",
doi = "10.1016/S1361-3723(12)70122-7",
language = "English (US)",
volume = "2012",
pages = "12--20",
journal = "Computer Fraud and Security",
issn = "1361-3723",
publisher = "Elsevier BV",
number = "12",

}

TY - JOUR

T1 - Routes to security compliance

T2 - Be good or be shamed?

AU - Harris, Mark Alan

AU - Furnell, Steven

PY - 2012/12/1

Y1 - 2012/12/1

N2 - Information security can benefit from multiple approaches to achieve staff compliance. While some people naturally accept their responsibilities, others require encouragement to stay on the right path. One potential factor is the desire to avoid feeling shamed by managers or peers. Mark Harris and Steven Furnell examine the potential of shaming as a means of dissuading employees from breaching policy, using original research. The results reveal that shaming could indeed have a positive influence, but there are also potential risks involved. It is widely recognised that security cannot succeed through technology alone and therefore won't work unless people are on board. Many organisations consequently face the questions of how to get staff to understand their roles when it comes to security, and then to enact their security responsibilities. This, of course, presents them with a situation for which there are multiple right answers, as well as several techniques that are less likely to be successful in some contexts. As such, it is worth understanding the techniques that are likely to have value.

AB - Information security can benefit from multiple approaches to achieve staff compliance. While some people naturally accept their responsibilities, others require encouragement to stay on the right path. One potential factor is the desire to avoid feeling shamed by managers or peers. Mark Harris and Steven Furnell examine the potential of shaming as a means of dissuading employees from breaching policy, using original research. The results reveal that shaming could indeed have a positive influence, but there are also potential risks involved. It is widely recognised that security cannot succeed through technology alone and therefore won't work unless people are on board. Many organisations consequently face the questions of how to get staff to understand their roles when it comes to security, and then to enact their security responsibilities. This, of course, presents them with a situation for which there are multiple right answers, as well as several techniques that are less likely to be successful in some contexts. As such, it is worth understanding the techniques that are likely to have value.

UR - http://www.scopus.com/inward/record.url?scp=84871396547&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84871396547&partnerID=8YFLogxK

U2 - 10.1016/S1361-3723(12)70122-7

DO - 10.1016/S1361-3723(12)70122-7

M3 - Article

AN - SCOPUS:84871396547

VL - 2012

SP - 12

EP - 20

JO - Computer Fraud and Security

JF - Computer Fraud and Security

SN - 1361-3723

IS - 12

ER -