Renaud, K. (2012) Blaming noncompliance is too convenient: What really causes information breaches? IEEE Security and Privacy Magazine, 10(3), pp. 57-63. (doi: 10.1109/MSP.2011.157)
Full text not currently available from Enlighten.
Publisher's URL: http://dx.doi.org/10.1109/MSP.2011.157
Abstract
Information breaches demand a vigorous response from organizations. The traditional response is to institute policies to constrain and control employee behavior. Information security policies inform employees about appropriate uses of information technology in an organization. Unfortunately, limited evidence exists that such policies effectively reduce confidentiality breaches or information loss. This article explores the possible reasons for this and reports on a survey aiming to detect the presence of these factors in a UK National Health Service health board. This article argues that you must pay attention to the entire system, instead of focusing merely on individuals in the system. The survey shows how the pressures on the organization's staff members and the rules imposed by the policies often place staff in an impossible or untenable position. They sometimes feel this leaves them no option but to break the rules just to do their work. The Web extra is a list of additional resources.
| Item Type: | Articles |
|---|---|
| Status: | Published |
| Refereed: | Yes |
| Glasgow Author(s) Enlighten ID: | Renaud, Professor Karen |
| Authors: | Renaud, K. |
| College/School: | College of Science and Engineering > School of Computing Science |
| Journal Name: | IEEE Security and Privacy Magazine |
| ISSN: | 1540-7993 |
University Staff: Request a correction | Enlighten Editors: Update this record
Deposit and Record Details
Deposit and Record Details