Security circumvention: To educate or to enforce?

Debabrata Dey, Abhijeet Ghoshal, Atanu Lahiri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Deliberate circumvention of information systems security is a common behavioral pattern among users. It not only defeats the purpose of having the security controls in place, but can also go far beyond in terms of the total damage it can cause. An organization grappling with circumvention can try to (i) train its users, or (ii) take on enforcement measures, or adopt a combination of the two. In this work, we look at the trade-off between these two very different approaches towards circumvention and try to gain some insights about how an organization might wish to tackle this menace.

Original language: English (US)
Title of host publication: Proceedings of the 51st Annual Hawaii International Conference on System Sciences, HICSS 2018
Editors: Tung X. Bui
Publisher: IEEE Computer Society
Pages: 5195-5204
Number of pages: 10
ISBN (Electronic): 9780998133119
State: Published - 2018
Externally published: Yes
Event: 51st Annual Hawaii International Conference on System Sciences, HICSS 2018 - Big Island, United States
Duration: Jan 2 2018 → Jan 6 2018

Publication series

Name: Proceedings of the Annual Hawaii International Conference on System Sciences
Volume: 2018-January
ISSN (Print): 1530-1605

Conference

Conference: 51st Annual Hawaii International Conference on System Sciences, HICSS 2018
Country/Territory: United States
City: Big Island
Period: 1/2/18 → 1/6/18

Keywords

  • Circumvention
  • IT Security
  • Monitoring
  • Security control
  • Training
  • Work-around

ASJC Scopus subject areas

  • General Engineering
