Beautement et al., 2008
The Compliance Budget: Managing Security Behaviour in Organisations
conference-paper
Authors
Beautement, A., Sasse, M.A., Wonham, M.
Identifiers
Year
2008
Abstract
A significant number of security breaches result from employees’ failure to comply with security policies. Many organizations have tried to change or influence security behaviour, but found it a major challenge. Drawing on previous research on usable security and economics of security, we propose a new approach to managing employee security behaviour. We conducted interviews with 17 employees from two major commercial organizations, asking why they do or don’t comply with security policies. Our results show that key factors in the compliance decision are the actual and anticipated cost and benefits of compliance to the individual employee, and perceived cost and benefits to the organization. We present a new paradigm – the Compliance Budget - as a means of understanding how individuals perceive the costs and benefits of compliance with organisational security goals, and identify a range of approaches that security managers can use to influence employee’s perceptions (which, in turn, influence security behaviour). The Compliance Budget should be understood and managed in the same way as any financial budget, as compliance directly affects, and can place a cap on, effectiveness of organisational security measures.
(, p. 1)
Links
Citation
Beautement, A., Sasse, M.A., Wonham, M., 2008. The Compliance Budget: Managing Security Behaviour in Organisations, in: Proceedings of the 2008 Workshop on New Security Paradigms - NSPW ’08. Presented at the 2008 workshop, ACM Press, Lake Tahoe, California, USA, p. 47. https://doi.org/10.1145/1595676.1595684
Follow us on LinkedIn | Discuss on Slack | Support us with Patreon | Sign-up for a free membership.
This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.