Awareness is only the first step

Improving cyber security awareness is often assumed to improve cyber security, however this paper suggests it’s necessary for people to be engaged in cyber security in order to make people a robust cyber defence. The paper builds a model for engaging people in...

“Shadow Security” as a tool for the learning organization

Traditionally, organizations manage information security through policies and mechanisms that employees are expected to comply with. Noncompliance with security is regarded as undesirable, and often sanctions are threatened to deter it. But in a recent study, we...