Please use this identifier to cite or link to this item:
Security Circumvention: To Educate or To Enforce?
|Title:||Security Circumvention: To Educate or To Enforce?|
|Keywords:||Strategy, Information, Technology, Economics, and Society (SITES)|
Circumvention, IT Security, monitoring, security control, training, work-around
|Date Issued:||03 Jan 2018|
|Abstract:||Deliberate circumvention of information systems security is a common behavioral pattern among users. It not only defeats the purpose of having the security controls in place, but can also go far beyond in terms of the total damage it can cause. An organization grappling with circumvention can try to (i) train its users, or (ii) take on enforcement measures, or adopt a combination of the two. In this work, we look at the trade-off between these two very different approaches towards circumvention and try to gain some insights about how an organization might wish to tackle this menace.|
|Rights:||Attribution-NonCommercial-NoDerivatives 4.0 International|
|Appears in Collections:||
Strategy, Information, Technology, Economics, and Society (SITES)|
Please email firstname.lastname@example.org if you need this content in ADA-compliant format.
This item is licensed under a Creative Commons License