Adam Beautement scite author profile

Adam Beautement

5Publications

140Citation Statements Received

32Citation Statements Given

How they've been cited

315

138

How they cite others

Affiliations

University College London

Publications

Order By: Most citations

“Comply or Die” Is Dead: Long Live Security-Aware Principal Agents

Kirlappos

Beautement

Sasse

2013

View full text Add to dashboard Cite

Abstract.Information security has adapted to the modern collaborative organisational nature, and abandoned "command-andcontrol" approaches of the past. But when it comes to managing employee's information security behaviour, many organisations still use policies proscribing behaviour and sanctioning non-compliance. Whilst many organisations are aware that this "comply or die" approach does not work for modern enterprises where employees collaborate, share, and show initiative, they do not have an alternative approach to fostering secure behaviour. We present an interview analysis of 126 employees' reasons for not complying with organisational policies, identifying the perceived conflict of security with productive activities as the key driver for non-compliance and confirm the results using a survey of 1256 employees. We conclude that effective problem detection and security measure adaptation needs to be de-centralised -employees are the principal agents who must decide how to implement security in specific contexts. But this requires a higher level of security awareness and skills than most employees currently have. Any campaign aimed at security behaviour needs to transform employee's perception of their role in security, transforming them to security-aware principal agents.Keywords: Information security management, compliance, decision-making The need for Information SecurityOrganisations today face an ever-increasing number of information security threats: intellectual property theft can severely impact competitiveness, loss of customer information can damage corporate profiles and loss of access to corporate systems can impact the organisation's productivity [1]. Despite the significant amount of time being invested in producing effective security solutions by researchers and industry experts, the challenges and potential threats organisations face today are higher than ever [1].

show abstract

Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security

Beautement¹,

Coles²,

Griffin³

et al. 2008

View full text Add to dashboard Cite

Organizations deploy systems technologies in order to support their operations and achieve their business objectives. In so doing, they encounter tensions between the confidentiality, integrity, and availability of information, and must make investments in information security measures to address these concerns. We discuss how a macroeconomics-inspired model, analogous to models of interest rate policy used by central banks, can be used to understand trade-offs between investments against threats to confidentiality and availability. We investigate how such a model might be formulated by constructing a process model, based on empirically obtained data, of the use of USB memory sticks by employees of a financial services company.

show abstract

The compliance budget

2008

View full text Add to dashboard Cite

The economics of user effort in information security

Beautement¹,

Sasse²

2009

Computer Fraud & Security

View full text Add to dashboard Cite

Employee Rule Breakers, Excuse Makers and Security Champions:

Beris

Beautement

Sasse

2015

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Adam Beautement

“Comply or Die” Is Dead: Long Live Security-Aware Principal Agents

Modelling the Human and Technological Costs and Benefits of USB Memory Stick Security

The compliance budget

The economics of user effort in information security

Employee Rule Breakers, Excuse Makers and Security Champions:

Contact Info

Product

Resources

About