Information security can benefit from multiple approaches to achieve staff compliance. While some people naturally accept their responsibilities, others require encouragement to stay on the right path. One potential factor is the desire to avoid feeling shamed by managers or peers. Mark Harris and Steven Furnell examine the potential of shaming as a means of dissuading employees from breaching policy, using original research. The results reveal that shaming could indeed have a positive influence, but there are also potential risks involved. It is widely recognised that security cannot succeed through technology alone and therefore won't work unless people are on board. Many organisations consequently face the questions of how to get staff to understand their roles when it comes to security, and then to enact their security responsibilities. This, of course, presents them with a situation for which there are multiple right answers, as well as several techniques that are less likely to be successful in some contexts. As such, it is worth understanding the techniques that are likely to have value.
ASJC Scopus subject areas
- Computer Science(all)