Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Workarounds and trade-offs in information security – an exploratory study

Workarounds and trade-offs in information security – an exploratory study PurposeThe purpose of this paper is to investigate relationships between workarounds (solutions to handling trade-offs between competing or misaligned goals and gaps in policies and procedures), perceived trade-offs, information security (IS) policy compliance, IS expertise/knowledge and IS demands.Design/methodology/approachThe research purpose is addressed using survey data from a nationwide sample of Swedish white-collar workers (N = 156).FindingsResponses reinforce the notion that workarounds partly are something different from IS policy compliance and that workarounds-as-improvisations are used more frequently by employees that see more conflicts between IS and other goals (r = 0.351), and have more IS expertise/knowledge (r = 0.257). Workarounds-as-non-compliance are also used more frequently when IS trade-offs are perceived (r = 0.536). These trade-offs are perceived more by people working in organizations that handle information with high security demands (r = 0.265) and those who perform tasks with high IS demands (r = 0.178).Originality/valueIS policies are an important part of IS governance. They describe the procedures that are supposed to provide IS. Researchers have primarily investigated how employees’ compliance with IS policies can be predicted and explained. There has been an increased interest in how tradeoffs and conflicts between following policies and other goals lead employees to make workarounds. Workarounds may leave management unaware of how work actually is done within the organization and may besides getting work done lead to new vulnerabilities. This study furthers the understanding of workarounds and trade-offs, which should be subject to further research. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information & Computer Security Emerald Publishing

Workarounds and trade-offs in information security – an exploratory study

Information & Computer Security , Volume 25 (4): 19 – Oct 9, 2017

Loading next page...
 
/lp/emerald-publishing/workarounds-and-trade-offs-in-information-security-an-exploratory-GnG9dKAfMd
Publisher
Emerald Publishing
Copyright
Copyright © Emerald Group Publishing Limited
ISSN
2056-4961
DOI
10.1108/ICS-02-2016-0017
Publisher site
See Article on Publisher Site

Abstract

PurposeThe purpose of this paper is to investigate relationships between workarounds (solutions to handling trade-offs between competing or misaligned goals and gaps in policies and procedures), perceived trade-offs, information security (IS) policy compliance, IS expertise/knowledge and IS demands.Design/methodology/approachThe research purpose is addressed using survey data from a nationwide sample of Swedish white-collar workers (N = 156).FindingsResponses reinforce the notion that workarounds partly are something different from IS policy compliance and that workarounds-as-improvisations are used more frequently by employees that see more conflicts between IS and other goals (r = 0.351), and have more IS expertise/knowledge (r = 0.257). Workarounds-as-non-compliance are also used more frequently when IS trade-offs are perceived (r = 0.536). These trade-offs are perceived more by people working in organizations that handle information with high security demands (r = 0.265) and those who perform tasks with high IS demands (r = 0.178).Originality/valueIS policies are an important part of IS governance. They describe the procedures that are supposed to provide IS. Researchers have primarily investigated how employees’ compliance with IS policies can be predicted and explained. There has been an increased interest in how tradeoffs and conflicts between following policies and other goals lead employees to make workarounds. Workarounds may leave management unaware of how work actually is done within the organization and may besides getting work done lead to new vulnerabilities. This study furthers the understanding of workarounds and trade-offs, which should be subject to further research.

Journal

Information & Computer SecurityEmerald Publishing

Published: Oct 9, 2017

References