CHAPTER 8: HOW USERS MAKE DECISIONS

It is not easy to gain insight into employee behaviour without contributions from people who are willing and able to honestly share their opinion on information security issues.

Kirlappos, Beautement and Sasse [18], as part of their research, managed to build strong relationships with a number of organisations in the telecommunications and energy sectors, which readily allowed access to their employees for the purposes of studying their compliance behaviour. The employees were assured that no sanctions would be imposed as a result of their participation.

The researchers conducted a series of interviews and identified three common reasons for non-compliance, which include those shown in Figure 8.

Figure 8: Common ...

Get The Psychology of Information Security now with the O’Reilly learning platform.