Skip to main content

Lund University Publications

LUND UNIVERSITY LIBRARIES

Information Security : Still Not my Job!

Bednar, Peter LU and Sadok, Moufida (2024) In Lecture Notes in Information Systems and Organisation 73. p.63-74
Abstract

The research presented in this paper is based on interviews with 51 employees from 51 different organizations (including private and public sectors). Employees were interviewed more than once, over a period of 6 months, each interview lasted between 30 min to 1 h. The discussion in this paper is based on interviews during sessions which were explicitly dedicated to Information Systems and Cybersecurity as themes and focus. The majority of the interviewees were professionals who were not IT people [four interviewees had IT-related jobs]. The interviewees were all employees who, according to their own description, handle sensitive data and therefore, should take security considerations into account while doing their job. The research... (More)

The research presented in this paper is based on interviews with 51 employees from 51 different organizations (including private and public sectors). Employees were interviewed more than once, over a period of 6 months, each interview lasted between 30 min to 1 h. The discussion in this paper is based on interviews during sessions which were explicitly dedicated to Information Systems and Cybersecurity as themes and focus. The majority of the interviewees were professionals who were not IT people [four interviewees had IT-related jobs]. The interviewees were all employees who, according to their own description, handle sensitive data and therefore, should take security considerations into account while doing their job. The research findings put some doubt both on whether or not security is seen as part of non-IT professionals’ job responsibility, or even if it is possible for non-IT professionals to take responsibility in the context of their actual work practices. This suggests that information security is, according to employees in many organizations, still viewed as an overlay on top of other tasks and responsibilities.

(Less)
Please use this url to cite or link to this publication:
author
and
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
IS and cybersecurity, Sociotechnical security, Workplace cybersecurity
host publication
Lecture Notes in Information Systems and Organisation
series title
Lecture Notes in Information Systems and Organisation
volume
73
pages
12 pages
publisher
Springer Science and Business Media B.V.
external identifiers
  • scopus:85215108234
ISSN
2195-4976
2195-4968
DOI
10.1007/978-3-031-76970-2_5
language
English
LU publication?
yes
additional info
Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
id
1c0615ed-c861-4c62-88cf-f2d4e1acc8f5
date added to LUP
2025-05-06 15:13:07
date last changed
2025-05-06 15:14:29
@inbook{1c0615ed-c861-4c62-88cf-f2d4e1acc8f5,
  abstract     = {{<p>The research presented in this paper is based on interviews with 51 employees from 51 different organizations (including private and public sectors). Employees were interviewed more than once, over a period of 6 months, each interview lasted between 30 min to 1 h. The discussion in this paper is based on interviews during sessions which were explicitly dedicated to Information Systems and Cybersecurity as themes and focus. The majority of the interviewees were professionals who were not IT people [four interviewees had IT-related jobs]. The interviewees were all employees who, according to their own description, handle sensitive data and therefore, should take security considerations into account while doing their job. The research findings put some doubt both on whether or not security is seen as part of non-IT professionals’ job responsibility, or even if it is possible for non-IT professionals to take responsibility in the context of their actual work practices. This suggests that information security is, according to employees in many organizations, still viewed as an overlay on top of other tasks and responsibilities.</p>}},
  author       = {{Bednar, Peter and Sadok, Moufida}},
  booktitle    = {{Lecture Notes in Information Systems and Organisation}},
  issn         = {{2195-4976}},
  keywords     = {{IS and cybersecurity; Sociotechnical security; Workplace cybersecurity}},
  language     = {{eng}},
  pages        = {{63--74}},
  publisher    = {{Springer Science and Business Media B.V.}},
  series       = {{Lecture Notes in Information Systems and Organisation}},
  title        = {{Information Security : Still Not my Job!}},
  url          = {{http://dx.doi.org/10.1007/978-3-031-76970-2_5}},
  doi          = {{10.1007/978-3-031-76970-2_5}},
  volume       = {{73}},
  year         = {{2024}},
}