Productive Security: A Scalable Methodology for Analysing Employee Security Behaviours
Authors:
Adam Beautement, Ingolf Becker, Simon Parkin, Kat Krol, and Angela Sasse, University College London
Abstract:
Organisational security policies are often written without sufficiently taking in to account the goals and capabilities of the employees that must follow them. Effective security management requires that security managers are able to assess the effectiveness of their policies, including their impact on employee behaviour. We present a methodology for gathering large scale data sets on employee behaviour and attitudes via scenario-based surveys. The survey questions are grounded in rich data drawn from interviews, and probe perceptions of security measures and their impact. Here we study employees of a large multinational company, demonstrating that our approach is capable of determining important differences between various population groups. We also report that our work has been used to set policy within the partner organisation, illustrating the real-world impact of our research.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {197306,
author = {Adam Beautement and Ingolf Becker and Simon Parkin and Kat Krol and Angela Sasse},
title = {Productive Security: A Scalable Methodology for Analysing Employee Security Behaviours},
booktitle = {Twelfth Symposium on Usable Privacy and Security (SOUPS 2016)},
year = {2016},
isbn = {978-1-931971-31-7},
address = {Denver, CO},
pages = {253--270},
url = {https://www.usenix.org/conference/soups2016/technical-sessions/presentation/beautement},
publisher = {USENIX Association},
month = jun
}
Twitter
Facebook
LinkedIn
Google+
YouTube
connect with us