IS and Cybersecurity Practice : avoiding self-sabotage
(2023) 9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS 2023 In CEUR Workshop Proceedings 3598. p.138-145- Abstract
In this paper, we explore cybersecurity from a sociotechnical work-system perspective and focus on the visibility and effectiveness of security practices as part of the everyday work practices of typical employees. The empirical inquiry involved 471 employees from 259 different organizations, drawn from both private and public sectors using semi-structured interviews and conducted from an interpretive stance. Employees interviewed were all expected to follow cybersecurity practices but were not involved in the development of such. The key findings reveal that actual work practices and routines of most employees were either ignored or insufficiently intertwined with security management efforts. Consequently, engagement and participation... (More)
In this paper, we explore cybersecurity from a sociotechnical work-system perspective and focus on the visibility and effectiveness of security practices as part of the everyday work practices of typical employees. The empirical inquiry involved 471 employees from 259 different organizations, drawn from both private and public sectors using semi-structured interviews and conducted from an interpretive stance. Employees interviewed were all expected to follow cybersecurity practices but were not involved in the development of such. The key findings reveal that actual work practices and routines of most employees were either ignored or insufficiently intertwined with security management efforts. Consequently, engagement and participation by professionals are needed to promote the design of work systems that are not only user-friendly but also genuinely supportive of meaningful use in context.
(Less)
- author
- Bednar, Peter LU ; Welch, Christine and Sadok, Moufida
- organization
- publishing date
- 2023
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- keywords
- Cybersecurity Practice, Information Systems, Sociotechnical, Sustainable Cybersecurity, Work-system
- host publication
- Proceedings of the 9th International Conference on Socio-Technical Perspective in Information Systems Development (STPIS 2023)
- series title
- CEUR Workshop Proceedings
- volume
- 3598
- pages
- 8 pages
- conference name
- 9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS 2023
- conference location
- Hybrid, Portsmouth, United Kingdom
- conference dates
- 2023-10-27 - 2023-10-28
- external identifiers
-
- scopus:85181154895
- ISSN
- 1613-0073
- language
- English
- LU publication?
- yes
- id
- f18ce0da-8748-4690-b71a-1d891a5c95f6
- alternative location
- https://ceur-ws.org/Vol-3598/paper12.pdf
- date added to LUP
- 2024-02-16 11:28:02
- date last changed
- 2024-02-16 11:29:32
@inproceedings{f18ce0da-8748-4690-b71a-1d891a5c95f6, abstract = {{<p>In this paper, we explore cybersecurity from a sociotechnical work-system perspective and focus on the visibility and effectiveness of security practices as part of the everyday work practices of typical employees. The empirical inquiry involved 471 employees from 259 different organizations, drawn from both private and public sectors using semi-structured interviews and conducted from an interpretive stance. Employees interviewed were all expected to follow cybersecurity practices but were not involved in the development of such. The key findings reveal that actual work practices and routines of most employees were either ignored or insufficiently intertwined with security management efforts. Consequently, engagement and participation by professionals are needed to promote the design of work systems that are not only user-friendly but also genuinely supportive of meaningful use in context.</p>}}, author = {{Bednar, Peter and Welch, Christine and Sadok, Moufida}}, booktitle = {{Proceedings of the 9th International Conference on Socio-Technical Perspective in Information Systems Development (STPIS 2023)}}, issn = {{1613-0073}}, keywords = {{Cybersecurity Practice; Information Systems; Sociotechnical; Sustainable Cybersecurity; Work-system}}, language = {{eng}}, pages = {{138--145}}, series = {{CEUR Workshop Proceedings}}, title = {{IS and Cybersecurity Practice : avoiding self-sabotage}}, url = {{https://ceur-ws.org/Vol-3598/paper12.pdf}}, volume = {{3598}}, year = {{2023}}, }