Key points are not available for this paper at this time.
Over the years, various observers have commented upon the imbalance in organisations' approaches to security. In many cases, significantly more attention appears to be devoted to technical aspects rather than those relating to people and processes. However, if survey findings are to be believed, there are at least signs of practices having improved in more recent times. Despite being exposed to the same policies and related training, employees within an organisation can exhibit very different security behaviours. Professor Steven Furnell and Anish Rajendran of Plymouth University propose a model that more fully identifies the factors influencing security behaviour and compliance. It considers forces that originate within the workplace, alongside various workplace-independent factors that might also affect security behaviour. The role of personality is considered within this model, as is the potential for inconsistencies to arise due to situational factors. Organisations might then use these insights to differentiate security-compliant from non-compliant employees and produce effective mitigation plans.
Furnell et al. (Thu,) studied this question.