CHAPTER 50

USING SOCIAL PSYCHOLOGY TO IMPLEMENT SECURITY POLICIES

M. E. Kabay, Bridgitt Robertson, Mani Akella, and D. T. Lang

50.1 INTRODUCTION

50.2 RATIONALITY IS NOT ENOUGH

50.2.1 Schema

50.2.2 Theories of Personality

50.2.3 Explanations of Behavior

50.2.4 Errors of Attribution

50.2.5 Intercultural Differences

50.2.6 Framing Reality

50.2.7 Getting Your Security Policies Across

50.2.8 Reward versus Punishment

50.3 BELIEFS AND ATTITUDES

50.3.1 Beliefs

50.3.2 Attitudes

50.3.3 Changing Attitudes toward Security

50.4 ENCOURAGING INITIATIVE

50.4.1 Prosocial Behavior

50.4.2 Conformity, Compliance, and Obedience

50.5 GROUP BEHAVIOR

50.5.1 Social Arousal

50.5.2 Locus of Control

50.5.3 Group Polarization

50.5.4 Groupthink

50.6 TECHNOLOGICAL GENERATION GAPS

50.7 SUMMARY OF RECOMMENDATIONS

50.8 FURTHER READING

50.9 NOTES

50.1 INTRODUCTION

Most security personnel have commiserated with colleagues about the difficulty of getting people to pay attention to security policies—to comply with what seems like good common sense. They shake their heads in disbelief as they recount tales of employees who hold secured doors open for their workmates—or for total strangers, thereby rendering million-dollar card-access systems useless. In large organizations, upper managers who decline to wear their identification badges discover that soon no one else will either. In trying to implement security policies, practitioners sometimes feel that they are involved in turf wars and personal vendettas rather ...

Get Computer Security Handbook, Fifth Edition now with the O’Reilly learning platform.