The Security Awareness Paradox: A Case Study
2014 (English)In: Advances in Social Networks Analysis and Mining (ASONAM), 2014 IEEE/ACM International Conference on, IEEE conference proceedings, 2014, 704-711 p.Conference paper (Refereed)
Knowledge-intensive organizations are characterized by their dependency on highly skilled personnel who perform their daily work in a decentralized manner. In these organizations it is the users who make the important decisions, and therefore the organization’s information security awareness is upheld by and depends on its users’ combined security awareness. To assess the overall organizational security awareness it therefore becomes interesting to assess both the users’ individual level of securityawareness, as well as their level of consistency and conformity with regard to other users’ awareness. In the present case study, 15 semi-structured interviews have been undertaken within a large telecommunication companyin order to understand how significant IT security aspectsare understood within the organization. The study highlights a number of perception differences where the technical IT staff and the ordinary users do not share the same understanding. It is suggested that these perception differences result from a paradoxical situation where the users’ possibility to uphold security awareness is hindered because of security concerns.
Place, publisher, year, edition, pages
IEEE conference proceedings, 2014. 704-711 p.
User awareness, IT security, paradoxical reasoning
Research subject Human-computer Interaction; Information and Communication Technology
IdentifiersURN: urn:nbn:se:kth:diva-154083DOI: 10.1109/ASONAM.2014.6921663ScopusID: 2-s2.0-84911164336OAI: oai:DiVA.org:kth-154083DiVA: diva2:755241
International Conference on Advances in Social Networks Analysis and Mining (ASONAM),China, 2014
QC 201411062014-10-142014-10-142014-11-06Bibliographically approved