Organisational security policies are often written without sufficiently taking in to account the goals and capabilities of the employees that must follow them. Effective security management requires that security managers are able to assess the effectiveness of their...
Information security has adapted to the modern collaborative organisational nature, and abandoned “command-and-control” approaches of the past. But when it comes to managing employee’s information security behaviour, many organisations still use policies proscribing...
This paper finds individuals comply with security practices up to a certain point only, after which point compliance wains. Organisations can influence an individual’s perception of where the compliance threshold lies so long as they know of and can manipulate...
