Workarounds and trade-offs in information security - An exploratory study

Cited by: 16
Authors
Woltjer R. [1 ]
Affiliation
[1] Swedish Defence Research Agency (FOI), Linköping
Keywords
Expertise; Information security; Information security demands; Policy; Trade-offs; Workarounds
DOI
10.1108/ICS-02-2016-0017
Abstract
Purpose: The purpose of this paper is to investigate relationships between workarounds (solutions to handling trade-offs between competing or misaligned goals and gaps in policies and procedures), perceived trade-offs, information security (IS) policy compliance, IS expertise/knowledge and IS demands.

Design/methodology/approach: The research purpose is addressed using survey data from a nationwide sample of Swedish white-collar workers (N = 156).

Findings: Responses reinforce the notion that workarounds partly are something different from IS policy compliance and that workarounds-as-improvisations are used more frequently by employees that see more conflicts between IS and other goals (r = 0.351), and have more IS expertise/knowledge (r = 0.257). Workarounds-as-non-compliance are also used more frequently when IS trade-offs are perceived (r = 0.536). These trade-offs are perceived more by people working in organizations that handle information with high security demands (r = 0.265) and those who perform tasks with high IS demands (r = 0.178).

Originality/value: IS policies are an important part of IS governance. They describe the procedures that are supposed to provide IS. Researchers have primarily investigated how employees' compliance with IS policies can be predicted and explained. There has been an increased interest in how tradeoffs and conflicts between following policies and other goals lead employees to make workarounds. Workarounds may leave management unaware of how work actually is done within the organization and may besides getting work done lead to new vulnerabilities. This study furthers the understanding of workarounds and trade-offs, which should be subject to further research. © Emerald Publishing Limited.
Pages: 402 - 420
Page count: 18