Unpacking security policy compliance: The motivators and
barriers of employees’ security behaviors

John Blythe; Lynne Coventry; Linda Little

Unpacking security policy compliance: The motivators and barriers of employees’ security behaviors

John Blythe, Lynne Coventry, Linda Little

Psychology

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

19 Downloads (Pure)

Abstract

The body of research that focuses on employees’ information Security Policy compliance is problematic as it treats compliance as a single behavior. This study explored the underlying behavioral context of information security in the workplace, exploring how individual and organizational factors influence the interplay of the motivations and barriers of security behaviors. Investigating factors that had previously been explored in security research, 20 employees from two organizations were interviewed and the data was analyzed using framework analysis. The analysis indicated that there were seven themes pertinent to information security: Response Evaluation, Threat Evaluation, Knowledge, Experience, Security Responsibility, Personal and Work Boundaries, and Security Behavior. The findings suggest that these differ by security behavior and by the nature of the behavior (e.g. on- and offline). Conclusions are discussed highlighting barriers to security actions and implications for future research and workplace practice.

Original language	English
Title of host publication	Eleventh Symposium On Usable Privacy and Security (SOUPS 2015)
Place of Publication	Berkeley
Publisher	USENIX Association
ISBN (Print)	978-1-931971-249
Publication status	Published - 22 Jul 2015

Access to Document

Soups15-paper-blytheFinal published version, 567 KB

Cite this

@inbook{433a2e001eac406f982bf88a1b5ce22d,

title = "Unpacking security policy compliance: The motivators and barriers of employees{\textquoteright} security behaviors",

abstract = "The body of research that focuses on employees{\textquoteright} information Security Policy compliance is problematic as it treats compliance as a single behavior. This study explored the underlying behavioral context of information security in the workplace, exploring how individual and organizational factors influence the interplay of the motivations and barriers of security behaviors. Investigating factors that had previously been explored in security research, 20 employees from two organizations were interviewed and the data was analyzed using framework analysis. The analysis indicated that there were seven themes pertinent to information security: Response Evaluation, Threat Evaluation, Knowledge, Experience, Security Responsibility, Personal and Work Boundaries, and Security Behavior. The findings suggest that these differ by security behavior and by the nature of the behavior (e.g. on- and offline). Conclusions are discussed highlighting barriers to security actions and implications for future research and workplace practice.",

author = "John Blythe and Lynne Coventry and Linda Little",

year = "2015",

month = jul,

day = "22",

language = "English",

isbn = "978-1-931971-249",

booktitle = "Eleventh Symposium On Usable Privacy and Security (SOUPS 2015)",

publisher = "USENIX Association",

}

TY - CHAP

T1 - Unpacking security policy compliance: The motivators and barriers of employees’ security behaviors

AU - Blythe, John

AU - Coventry, Lynne

AU - Little, Linda

PY - 2015/7/22

Y1 - 2015/7/22

N2 - The body of research that focuses on employees’ information Security Policy compliance is problematic as it treats compliance as a single behavior. This study explored the underlying behavioral context of information security in the workplace, exploring how individual and organizational factors influence the interplay of the motivations and barriers of security behaviors. Investigating factors that had previously been explored in security research, 20 employees from two organizations were interviewed and the data was analyzed using framework analysis. The analysis indicated that there were seven themes pertinent to information security: Response Evaluation, Threat Evaluation, Knowledge, Experience, Security Responsibility, Personal and Work Boundaries, and Security Behavior. The findings suggest that these differ by security behavior and by the nature of the behavior (e.g. on- and offline). Conclusions are discussed highlighting barriers to security actions and implications for future research and workplace practice.

AB - The body of research that focuses on employees’ information Security Policy compliance is problematic as it treats compliance as a single behavior. This study explored the underlying behavioral context of information security in the workplace, exploring how individual and organizational factors influence the interplay of the motivations and barriers of security behaviors. Investigating factors that had previously been explored in security research, 20 employees from two organizations were interviewed and the data was analyzed using framework analysis. The analysis indicated that there were seven themes pertinent to information security: Response Evaluation, Threat Evaluation, Knowledge, Experience, Security Responsibility, Personal and Work Boundaries, and Security Behavior. The findings suggest that these differ by security behavior and by the nature of the behavior (e.g. on- and offline). Conclusions are discussed highlighting barriers to security actions and implications for future research and workplace practice.

M3 - Chapter

SN - 978-1-931971-249

BT - Eleventh Symposium On Usable Privacy and Security (SOUPS 2015)

PB - USENIX Association

CY - Berkeley

ER -

Unpacking security policy compliance: The motivators and barriers of employees’ security behaviors

Abstract

Access to Document

Fingerprint

Cite this