Rethinking the Prevailing Security Paradigm: Can User Empowerment with Traceability Reduce the Rate of Security Policy Circumvention?
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Jeon, Soohyun | - |
dc.contributor.author | Hovav, Anat | - |
dc.contributor.author | Han, Jinyoung | - |
dc.contributor.author | Alter, Steven | - |
dc.date.accessioned | 2021-09-02T08:33:41Z | - |
dc.date.available | 2021-09-02T08:33:41Z | - |
dc.date.created | 2021-06-16 | - |
dc.date.issued | 2018-08 | - |
dc.identifier.issn | 0095-0033 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/74203 | - |
dc.description.abstract | Information leakage is a major concern for organizations. As information travels through the organization's eco-system, perimeter-based defense is no longer sufficient. Rather, organizations are implementing data-centric solutions that persist throughout the information life-cycle regardless of its location. Enterprise rights management (ERM) systems are an example of persistent data-centric security. ERM defines specific access rules as an instantiation of organizational information security policies and has been suggested as means of role-based access permissions control. Yet, evidence shows that employees often circumvent or work around organizational security rules and policies since these controls hinder task-performance. In this exploratory case study, we use the theory of workarounds as a lens to examine users' workaround behavior. We introduce an empowerment-based ERM system highlighting users' permission to override provisionally assigned access rules. The concept of empowered security policies is novel and presents a shift in the current security compliance paradigm. Subsequently, we compare users' compliance intention between empowered ERM users and conventional ERM users. Our descriptive results indicate that circumventing intention is lower while perceived responsibility and task-performance benefits are higher for the empowered ERM users than for the conventional ERM users. Compliance intention is higher for conventional ERM users than for empowered ERM users. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | ASSOC COMPUTING MACHINERY | - |
dc.subject | FEAR APPEALS | - |
dc.subject | HEALTH-CARE | - |
dc.subject | INFORMATION | - |
dc.subject | DETERRENCE | - |
dc.subject | ACCESS | - |
dc.subject | IMPACT | - |
dc.subject | MODEL | - |
dc.title | Rethinking the Prevailing Security Paradigm: Can User Empowerment with Traceability Reduce the Rate of Security Policy Circumvention? | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Hovav, Anat | - |
dc.identifier.doi | 10.1145/3242734.3242739 | - |
dc.identifier.scopusid | 2-s2.0-85051925060 | - |
dc.identifier.wosid | 000440361800004 | - |
dc.identifier.bibliographicCitation | DATA BASE FOR ADVANCES IN INFORMATION SYSTEMS, v.49, no.3, pp.54 - 77 | - |
dc.relation.isPartOf | DATA BASE FOR ADVANCES IN INFORMATION SYSTEMS | - |
dc.citation.title | DATA BASE FOR ADVANCES IN INFORMATION SYSTEMS | - |
dc.citation.volume | 49 | - |
dc.citation.number | 3 | - |
dc.citation.startPage | 54 | - |
dc.citation.endPage | 77 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | ssci | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Information Science & Library Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Information Science & Library Science | - |
dc.subject.keywordPlus | FEAR APPEALS | - |
dc.subject.keywordPlus | HEALTH-CARE | - |
dc.subject.keywordPlus | INFORMATION | - |
dc.subject.keywordPlus | DETERRENCE | - |
dc.subject.keywordPlus | ACCESS | - |
dc.subject.keywordPlus | IMPACT | - |
dc.subject.keywordPlus | MODEL | - |
dc.subject.keywordAuthor | Data-Centric Security | - |
dc.subject.keywordAuthor | Enterprise Rights Management | - |
dc.subject.keywordAuthor | Empowerment-Based ISSP | - |
dc.subject.keywordAuthor | Information Security Policy Compliance | - |
dc.subject.keywordAuthor | Information Security System | - |