Workarounds and trade-offs in information security – an exploratory study. (9th October 2017)
- Record Type:
- Journal Article
- Title:
- Workarounds and trade-offs in information security – an exploratory study. (9th October 2017)
- Main Title:
- Workarounds and trade-offs in information security – an exploratory study
- Authors:
- Woltjer, Rogier
- Abstract:
- Purpose: The purpose of this paper is to investigate relationships between workarounds (solutions to handling trade-offs between competing or misaligned goals and gaps in policies and procedures), perceived trade-offs, information security (IS) policy compliance, IS expertise/knowledge and IS demands. Design/methodology/approach: The research purpose is addressed using survey data from a nationwide sample of Swedish white-collar workers (N = 156). Findings: Responses reinforce the notion that workarounds partly are something different from IS policy compliance and that workarounds-as-improvisations are used more frequently by employees that see more conflicts between IS and other goals (r = 0.351), and have more IS expertise/knowledge (r = 0.257). Workarounds-as-non-compliance are also used more frequently when IS trade-offs are perceived (r = 0.536). These trade-offs are perceived more by people working in organizations that handle information with high security demands (r = 0.265) and those who perform tasks with high IS demands (r = 0.178). Originality/value: IS policies are an important part of IS governance. They describe the procedures that are supposed to provide IS. Researchers have primarily investigated how employees' compliance with IS policies can be predicted and explained. There has been an increased interest in how tradeoffs and conflicts between following policies and other goals lead employees to make workarounds. Workarounds may leave management unaware of how work actually is done within the organization and may besides getting work done lead to new vulnerabilities. This study furthers the understanding of workarounds and trade-offs, which should be subject to further research.
- Is Part Of:
- Information and computer security. Volume 25:Number 4(2017)
- Journal:
- Information and computer security
- Issue:
- Volume 25:Number 4(2017)
- Issue Display:
- Volume 25, Issue 4 (2017)
- Year:
- 2017
- Volume:
- 25
- Issue:
- 4
- Issue Sort Value:
- 2017-0025-0004-0000
- Page Start:
- 402
- Page End:
- 420
- Publication Date:
- 2017-10-09
- Subjects:
- Policy -- Information security -- Expertise -- Trade-offs -- Workarounds -- Information security demands
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-02-2016-0017
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 4803.xml