This Article 
   
 Share 
   
 Bibliographic References 
   
 Add to: 
 
Digg
Furl
Spurl
Blink
Simpy
Google
Del.icio.us
Y!MyWeb
 
 Search 
   
Human Relationships: A Never-Ending Security Education Challenge?
July/August 2009 (vol. 7 no. 4)
pp. 65-67
Janne Hagen, Norwegian Defense Research Establishment
Even with high usability of security measures, well-trained and loyal employees don't always behave according to security guidance and may thus represent a security risk. This unexpected behavior is explained by a chain of barriers that employees must overcome to achieve a compliant behavior with security policy requirements. The findings the author reports here open up a discussion on how current information security education might benefit from including more subjects on the human factor.

1. J.M. Hagen, "The Human Factor behind the Security Perimeter: Evaluating the Effectiveness of Organizational Information Security Measures and Employees' Contribution to Security," PhD dissertation submitted to the University of Oslo for defense, 2009.
2. E. Albrechtsen, Friend or Foe? Information Security Management of Employees, PhD dissertation, Norwegian Univ. Science and Technology, 2008.
3. A. Whitten and J.D. Tygar, "Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0," Proc. 8th Conf. Usenix Security Symp., Usenix Assoc., 1999, p. 14.
4. R. Morris and K. Thompson, "Password Security: A Case History," Comm. ACM, vol. 22, no. 11, 1979, pp. 594–597.

Index Terms:
Education, security and privacy, information security, human factors, security usability
Citation:
Janne Hagen, "Human Relationships: A Never-Ending Security Education Challenge?," IEEE Security & Privacy, vol. 7, no. 4, pp. 65-67, July-Aug. 2009, doi:10.1109/MSP.2009.92
Usage of this product signifies your acceptance of the Terms of Use.