{"title":"网络安全中的羞耻感:有效的行为矫正工具还是适得其反的陪衬?","authors":"K. Renaud, R. Searle, M. Dupuis","doi":"10.1145/3498891.3498896","DOIUrl":null,"url":null,"abstract":"Organizations often respond to cyber security breaches by blaming and shaming the employees who were involved. There is an intuitive natural justice to using such strategies in the belief that the need to avoid repeated shaming occurrences will encourage them to exercise more care. However, psychology highlights significant short- and long-term impacts and harmful consequences of felt shame. To explore and investigate this in the cyber domain, we asked those who had inadvertently triggered an adverse cyber security incident to tell us about their responses and to recount the emotions they experienced when this occurred. We also examined the impact of the organization’s management of the incident on the “culprit’s” future behaviors and attitudes. We discovered that those who had caused a cyber security incident often felt guilt and shame, and their employers’ responses either exacerbated or ameliorated these negative emotions. In the case of the former, there were enduring unfavorable consequences, both in terms of employee well-being and damaged relationships. We conclude with a set of recommendations for employers, in terms of responding to adverse cyber security incidents. The aim is to ensure that negative emotions, such as shame, do not make the incident much more damaging than it needs to be.","PeriodicalId":320273,"journal":{"name":"Proceedings of the 2021 New Security Paradigms Workshop","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":"{\"title\":\"Shame in Cyber Security: Effective Behavior Modification Tool or Counterproductive Foil?\",\"authors\":\"K. Renaud, R. Searle, M. Dupuis\",\"doi\":\"10.1145/3498891.3498896\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Organizations often respond to cyber security breaches by blaming and shaming the employees who were involved. There is an intuitive natural justice to using such strategies in the belief that the need to avoid repeated shaming occurrences will encourage them to exercise more care. However, psychology highlights significant short- and long-term impacts and harmful consequences of felt shame. To explore and investigate this in the cyber domain, we asked those who had inadvertently triggered an adverse cyber security incident to tell us about their responses and to recount the emotions they experienced when this occurred. We also examined the impact of the organization’s management of the incident on the “culprit’s” future behaviors and attitudes. We discovered that those who had caused a cyber security incident often felt guilt and shame, and their employers’ responses either exacerbated or ameliorated these negative emotions. In the case of the former, there were enduring unfavorable consequences, both in terms of employee well-being and damaged relationships. We conclude with a set of recommendations for employers, in terms of responding to adverse cyber security incidents. The aim is to ensure that negative emotions, such as shame, do not make the incident much more damaging than it needs to be.\",\"PeriodicalId\":320273,\"journal\":{\"name\":\"Proceedings of the 2021 New Security Paradigms Workshop\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-10-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"12\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2021 New Security Paradigms Workshop\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3498891.3498896\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2021 New Security Paradigms Workshop","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3498891.3498896","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Shame in Cyber Security: Effective Behavior Modification Tool or Counterproductive Foil?
Organizations often respond to cyber security breaches by blaming and shaming the employees who were involved. There is an intuitive natural justice to using such strategies in the belief that the need to avoid repeated shaming occurrences will encourage them to exercise more care. However, psychology highlights significant short- and long-term impacts and harmful consequences of felt shame. To explore and investigate this in the cyber domain, we asked those who had inadvertently triggered an adverse cyber security incident to tell us about their responses and to recount the emotions they experienced when this occurred. We also examined the impact of the organization’s management of the incident on the “culprit’s” future behaviors and attitudes. We discovered that those who had caused a cyber security incident often felt guilt and shame, and their employers’ responses either exacerbated or ameliorated these negative emotions. In the case of the former, there were enduring unfavorable consequences, both in terms of employee well-being and damaged relationships. We conclude with a set of recommendations for employers, in terms of responding to adverse cyber security incidents. The aim is to ensure that negative emotions, such as shame, do not make the incident much more damaging than it needs to be.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
