Seminar by Prof. Steven Furnell from the University of Plymouth, UK
Whether explicitly stated or not, achieving security policy compliance is desirable for all organisations. There are, of course, some fundamental prerequisites for doing so. Firstly, there needs to be a policy, and then staff need to be suitably aware of it, and unfortunately, many organisations still fail at these points! Even beyond this, however, there are various issues that may have influence at the individual level (including security awareness, acceptance, behaviour and culture), as well as factors that will further affect their compliance potential (such as provision of training, the presence of rewards and sanctions, and the usability of technology).
The presentation will consider the resultant challenge that organisations can face, as well as some of the tactics that may be used to encourage compliant behaviour. These include the potential to recognise and reward good behaviour, as well as the feasibility of tracking compliance in order to trigger targeted interventions. The discussion will also highlight the more general point that it is easier for staff to be compliant if they are adequately supported and guided towards doing so.
Speaker Biography
Prof. Steven Furnell is the head of the Centre for Security, Communications & Network Research at Plymouth University in the United Kingdom, an Adjunct Professor with Edith Cowan University in Western Australia, and an Honorary Professor with Nelson Mandela Metropolitan University in South Africa. His interests include security management and culture, computer crime, user authentication, and security usability. Prof. Furnell is the current chair of Technical Committee 11 (Information Security and Privacy) within the International Federation for Information Processing (IFIP), and a Board member and Fellow of the Institute of Information Security Professionals (IISP). He is the author of over 290 papers in refereed international journals and conference proceedings, as well as books including Cybercrime: Vandalizing the Information Society, and Computer Insecurity: Risking the System. He is also the editor-in-chief of Information & Computer Security, and the co-chair of the Human Aspects of Information Security & Assurance (HAISA) symposium. Further details can be found at the CSCAN website, with a variety of security podcasts also available. Steve can also be followed on Twitter (@smfurnell).