The security awareness paradox: A case study

2014 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2014) Pub Date : 2014-08-17 DOI:10.1109/ASONAM.2014.6921663

M. Tariq, J. Brynielsson, H. Artman

{"title":"The security awareness paradox: A case study","authors":"M. Tariq, J. Brynielsson, H. Artman","doi":"10.1109/ASONAM.2014.6921663","DOIUrl":null,"url":null,"abstract":"Knowledge-intensive organizations are characterized by their dependency on highly skilled personnel who perform their daily work in a decentralized manner. In these organizations it is the users who make the important decisions, and therefore the organization's information security awareness is upheld by and depends on its users' combined security awareness. To assess the overall organizational security awareness it therefore becomes interesting to assess both the users' individual level of security awareness, as well as their level of consistency and conformity with regard to other users' awareness. In the present case study, 15 semi-structured interviews have been undertaken within a large telecommunication company in order to understand how significant IT security aspects are understood within the organization. The study highlights a number of perception differences where the technical IT staff and the ordinary users do not share the same understanding. It is suggested that these perception differences result from a paradoxical situation where the users' possibility to uphold security awareness is hindered because of security concerns.","PeriodicalId":143584,"journal":{"name":"2014 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2014)","volume":"102 14 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-08-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"17","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2014)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ASONAM.2014.6921663","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 17

Abstract

Knowledge-intensive organizations are characterized by their dependency on highly skilled personnel who perform their daily work in a decentralized manner. In these organizations it is the users who make the important decisions, and therefore the organization's information security awareness is upheld by and depends on its users' combined security awareness. To assess the overall organizational security awareness it therefore becomes interesting to assess both the users' individual level of security awareness, as well as their level of consistency and conformity with regard to other users' awareness. In the present case study, 15 semi-structured interviews have been undertaken within a large telecommunication company in order to understand how significant IT security aspects are understood within the organization. The study highlights a number of perception differences where the technical IT staff and the ordinary users do not share the same understanding. It is suggested that these perception differences result from a paradoxical situation where the users' possibility to uphold security awareness is hindered because of security concerns.

查看原文本刊更多论文

安全意识悖论:一个案例研究

知识密集型组织的特点是依赖以分散方式执行日常工作的高技能人员。在这些组织中，重要的决策是由用户做出的，因此组织的信息安全意识是由用户的综合安全意识来维持并依赖于用户的综合安全意识。为了评估整个组织的安全意识，因此评估用户的个人安全意识水平以及他们与其他用户的意识的一致性和一致性水平变得很有趣。在本案例研究中，在一家大型电信公司内进行了15次半结构化访谈，以了解组织内对IT安全方面的理解有多重要。该研究强调了技术IT人员和普通用户在理解上的一些差异。这表明，这些感知差异是由于一个矛盾的情况，即用户维护安全意识的可能性因为安全问题而受到阻碍。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2014 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM 2014)

自引率

0.00%

发文量