Security Circumvention: To Educate or To Enforce?

Files
paper0650.pdf (1.19 MB)
Date
2018-01-03
Authors
Dey, Debabrata
Ghoshal, Abhijeet
Lahiri, Atanu
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
Ending Page
Alternative Title
Abstract
Deliberate circumvention of information systems security is a common behavioral pattern among users. It not only defeats the purpose of having the security controls in place, but can also go far beyond in terms of the total damage it can cause. An organization grappling with circumvention can try to (i) train its users, or (ii) take on enforcement measures, or adopt a combination of the two. In this work, we look at the trade-off between these two very different approaches towards circumvention and try to gain some insights about how an organization might wish to tackle this menace.
Description
Keywords
Strategy, Information, Technology, Economics, and Society (SITES), Circumvention, IT Security, monitoring, security control, training, work-around
Citation
URI
http://hdl.handle.net/10125/50537
Extent
10 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 51st Hawaii International Conference on System Sciences
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Collections
Strategy, Information, Technology, Economics, and Society (SITES)
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.