Security Circumvention: To Educate or To Enforce?

Debabrata Dey; Abhijeet Ghoshal; Atanu Lahiri

doi:10.24251/HICSS.2018.648

Security Circumvention: To Educate or To Enforce?

Debabrata Dey, Abhijeet Ghoshal, Atanu Lahiri

Research output: Contribution to conference › Paper › peer-review

Abstract

Deliberate circumvention of information systems security is a common behavioral pattern among users. It not only defeats the purpose of having the security controls in place, but can also go far beyond in terms of the total damage it can cause. An organization grappling with circumvention can try to (i) train its users, or (ii) take on enforcement measures, or adopt a combination of the two. In this work, we look at the trade-off between these two very different approaches towards circumvention and try to gain some insights about how an organization might wish to tackle this menace.

Original language	English (US)
Number of pages	10
DOIs	https://doi.org/10.24251/HICSS.2018.648
State	Published - 2018
Externally published	Yes

Online availability

10.24251/HICSS.2018.648License: CC BY-NC-ND

Library availability

Discover UIUC Full Text

Cite this

@conference{13edb158f3074179ba71d9fc1294edbc,

title = "Security Circumvention: To Educate or To Enforce?",

abstract = "Deliberate circumvention of information systems security is a common behavioral pattern among users. It not only defeats the purpose of having the security controls in place, but can also go far beyond in terms of the total damage it can cause. An organization grappling with circumvention can try to (i) train its users, or (ii) take on enforcement measures, or adopt a combination of the two. In this work, we look at the trade-off between these two very different approaches towards circumvention and try to gain some insights about how an organization might wish to tackle this menace.",

author = "Debabrata Dey and Abhijeet Ghoshal and Atanu Lahiri",

year = "2018",