Mar 15, 2015 | Research
Traditionally, organizations manage information security through policies and mechanisms that employees are expected to comply with. Noncompliance with security is regarded as undesirable, and often sanctions are threatened to deter it. But in a recent study, we...
Mar 15, 2014 | Research
Over the past decade, security researchers and practitioners have tried to understand why employees do not comply with organizational security policies and mechanisms. Past research has treated compliance as a binary decision: people comply, or they do not. From our...
Jul 2, 2013 | Research
Information security has adapted to the modern collaborative organisational nature, and abandoned “command-and-control” approaches of the past. But when it comes to managing employees’ information security behaviour, many organisations still use policies proscribing...
Mar 31, 2012 | Research
User education must focus on challenging and correcting the misconceptions that guide current user behavior. To date, user education on phishing has tried to persuade them to check URLs and a number of other indicators, with limited success. The authors evaluate a...