MATYÁŠ, Václav, Kamil MALINKA, Lydia KRAUS, Lenka KNAPOVÁ and Agáta KRUŽÍKOVÁ. Even if users do not read security directives, their behavior is not so catastrophic. Communications of the ACM. New York, NY, USA: ACM, 2022, vol. 65, No 1, p. 37-40. ISSN 0001-0782. Available from: https://dx.doi.org/10.1145/3471928.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Even if users do not read security directives, their behavior is not so catastrophic
Authors MATYÁŠ, Václav (203 Czech Republic, belonging to the institution), Kamil MALINKA (203 Czech Republic, belonging to the institution), Lydia KRAUS (276 Germany, belonging to the institution), Lenka KNAPOVÁ (203 Czech Republic, belonging to the institution) and Agáta KRUŽÍKOVÁ (203 Czech Republic, belonging to the institution).
Edition Communications of the ACM, New York, NY, USA, ACM, 2022, 0001-0782.
Other information
Original language English
Type of outcome Article in a journal
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
WWW URL
Impact factor Impact factor: 22.700
RIV identification code RIV/00216224:14330/22:00124955
Organization unit Faculty of Informatics
Doi http://dx.doi.org/10.1145/3471928
UT WoS 000731456200014
Keywords in English security policy; usable security; user behaviour
Tags International impact, Reviewed
Changed by Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 5/4/2023 13:25.
Abstract
We discuss an effort undertaken at Masaryk University (MU) – a Czech university with some 30.000 students – where we tried to improve our security directive to motivate users to follow it. From the research perspective, we also wanted to find out more about the current state of affairs from the user perspective: Do users (still not) follow the security policy? At the same time, the fact that our university IT infrastructure management had the intention to redesign the (outdated) security directive, constituted an ideal opportunity for us to deeper investigate the topic. And our initial faith has been hit hard – as we describe in some detail in this viewpoint, but it wasn’t a wasted effort at all. The data we obtained as a side effect shows a new perspective on this area.
Links
EF16_019/0000822, research and development projectName: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur
PrintDisplayed: 4/10/2024 10:24