Blaming noncompliance is too convenient: What really causes information breaches?

IEEE Security and Privacy

Volumn 10, Issue 3, 2012, Pages 57-63

  Renaud, Karen ^a  

^a UNIVERSITY OF GLASGOW   (United Kingdom)

Author keywords

compliance; computer security; information breaches; information security; policies

Indexed keywords

COMPLIANCE; EMPLOYEE BEHAVIOR; ENTIRE SYSTEM; INFORMATION BREACHES; INFORMATION LOSS; INFORMATION SECURITY POLICIES; NATIONAL HEALTH SERVICES; STAFF MEMBERS;

BEHAVIORAL RESEARCH; INFORMATION TECHNOLOGY; PUBLIC POLICY; SECURITY SYSTEMS; SURVEYS;

SECURITY OF DATA;

EID: 84863482048     PISSN: 15407993     EISSN: None     Source Type: Journal    
DOI: 10.1109/MSP.2011.157     Document Type: Article

References (15)

1. CSI Computer Crime and Security Survey, Computer Security Inst., 2009.
2. P.F. Drucker, "Management and the World's Work," Harvard Business Rev., Sept. 1988, pp. 65-76.
3. C. Vermeulen and R. von Solms, "The Information Security Management Toolbox-Taking the Pain out of Security Management," Information Management & Computer Security, vol. 10, no. 3, 2002, pp. 119-125.
4. M.E. Thomson and R. von Solms, "Information Security Awareness: Educating Your Users Effectively," Information Management & Computer Security, vol. 6, no. 4, 1998, pp. 167-173.
5. P. Mascini, "The Blameworthiness of Health and Safety Rule Violations," Law & Policy, vol. 27, no. 3, 2005, pp. 472-490.
6. A. Adams and M.A. Sasse, "Users Are Not the Enemy: Why Users Compromise Security Mechanisms and How to Take Remedial Measures," Comm. ACM, vol. 42, no. 12, 1999, pp. 40-46.
7. D. Florêncio and C. Herley, "A Large-Scale Study of Web Password Habits," Proc. 16th Ann. Conf. World Wide Web (WWW 07), ACM, 2007, pp. 657-666.
8. J. Finegan, "The Impact of Personal Values on Judgments of Ethical Behaviour in the Workplace," J. Business Ethics, vol. 13, no. 9, 1994, pp. 747-755.
9. J.E. Driskell and E. Salas, Stress and Human Performance, Lawrence Erlbaum, 1996.
10. E.B. Dent and S. Galloway Goldberg, "Challenging 'Resistance to Change,'" J. Applied Behavioral Science, vol. 35, no. 1, 1999, pp. 25-41.
11. K. Höne and J.H.P. Eloff, "What Makes an Effective Information Security Policy?," Network Security, June 2002, pp. 14-16.
12. J.K. White and R.A. Ruh, "Effects of Personal Values on the Relationship between Participation and Job Attitudes," Administrative Science Q., vol. 18, no. 4, 1973, pp. 506-514.
13. A.E. Bauman et al., "Asthma Information: Can It Be Understood?," Health Education Research, vol. 4, no. 3, 1989, pp. 377-382.
14. P. Slovic and A. Tversky, "Who Accepts Savage's Axiom?," Behavioral Science, vol. 19, no. 6, 1974, pp. 368-373.
15. A. Degani, "Pilot Error in the 90s: Still Alive and Kicking," keynote address at 44th Ann. Meeting Flight Safety Foundation/Nat'l Business Aviation Assoc. (FSF/NBAA 99), 1999; http://ti.arc.nasa.gov/m/profile/adegani/ Pilot%20Error%20in%20the%2090s.pdf.