IS and Cybersecurity Practice : avoiding self-sabotage

Bednar, Peter; Welch, Christine; Sadok, Moufida

IS and Cybersecurity Practice : avoiding self-sabotage

Mark

Bednar, Peter ^LU ; Welch, Christine and Sadok, Moufida (2023) 9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS 2023 In CEUR Workshop Proceedings 3598. p.138-145

Abstract: In this paper, we explore cybersecurity from a sociotechnical work-system perspective and focus on the visibility and effectiveness of security practices as part of the everyday work practices of typical employees. The empirical inquiry involved 471 employees from 259 different organizations, drawn from both private and public sectors using semi-structured interviews and conducted from an interpretive stance. Employees interviewed were all expected to follow cybersecurity practices but were not involved in the development of such. The key findings reveal that actual work practices and routines of most employees were either ignored or insufficiently intertwined with security management efforts. Consequently, engagement and participation... (More); In this paper, we explore cybersecurity from a sociotechnical work-system perspective and focus on the visibility and effectiveness of security practices as part of the everyday work practices of typical employees. The empirical inquiry involved 471 employees from 259 different organizations, drawn from both private and public sectors using semi-structured interviews and conducted from an interpretive stance. Employees interviewed were all expected to follow cybersecurity practices but were not involved in the development of such. The key findings reveal that actual work practices and routines of most employees were either ignored or insufficiently intertwined with security management efforts. Consequently, engagement and participation by professionals are needed to promote the design of work systems that are not only user-friendly but also genuinely supportive of meaningful use in context.
(Less)

Please use this url to cite or link to this publication: https://lup.lub.lu.se/record/f18ce0da-8748-4690-b71a-1d891a5c95f6

author

Bednar, Peter ^LU ; Welch, Christine and Sadok, Moufida

organization

Department of Informatics

publishing date

2023

type

Chapter in Book/Report/Conference proceeding

publication status

published

subject

Information Systems, Social aspects

keywords

Cybersecurity Practice, Information Systems, Sociotechnical, Sustainable Cybersecurity, Work-system

host publication

Proceedings of the 9th International Conference on Socio-Technical Perspective in Information Systems Development (STPIS 2023)

series title

CEUR Workshop Proceedings

volume

3598

pages

8 pages

conference name

9th International Conference on Socio-Technical Perspective in Information Systems Development, STPIS 2023

conference location

Hybrid, Portsmouth, United Kingdom

conference dates

2023-10-27 - 2023-10-28

external identifiers

scopus:85181154895

ISSN

1613-0073

language

English

LU publication?

yes

id

f18ce0da-8748-4690-b71a-1d891a5c95f6

alternative location

https://ceur-ws.org/Vol-3598/paper12.pdf

date added to LUP

2024-02-16 11:28:02

date last changed

2024-02-16 11:29:32

@inproceedings{f18ce0da-8748-4690-b71a-1d891a5c95f6,
  abstract     = {{<p>In this paper, we explore cybersecurity from a sociotechnical work-system perspective and focus on the visibility and effectiveness of security practices as part of the everyday work practices of typical employees. The empirical inquiry involved 471 employees from 259 different organizations, drawn from both private and public sectors using semi-structured interviews and conducted from an interpretive stance. Employees interviewed were all expected to follow cybersecurity practices but were not involved in the development of such. The key findings reveal that actual work practices and routines of most employees were either ignored or insufficiently intertwined with security management efforts. Consequently, engagement and participation by professionals are needed to promote the design of work systems that are not only user-friendly but also genuinely supportive of meaningful use in context.</p>}},
  author       = {{Bednar, Peter and Welch, Christine and Sadok, Moufida}},
  booktitle    = {{Proceedings of the 9th International Conference on Socio-Technical Perspective in Information Systems Development (STPIS 2023)}},
  issn         = {{1613-0073}},
  keywords     = {{Cybersecurity Practice; Information Systems; Sociotechnical; Sustainable Cybersecurity; Work-system}},
  language     = {{eng}},
  pages        = {{138--145}},
  series       = {{CEUR Workshop Proceedings}},
  title        = {{IS and Cybersecurity Practice : avoiding self-sabotage}},
  url          = {{https://ceur-ws.org/Vol-3598/paper12.pdf}},
  volume       = {{3598}},
  year         = {{2023}},
}

Lund University Publications

LUND UNIVERSITY LIBRARIES

IS and Cybersecurity Practice : avoiding self-sabotage