In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Third International Conference on Human Aspects of Information Security & Assurance (HAISA 2009)
Title: Do organizational security measures contribute to the detection and reporting of IT-system abuses?
Author(s): Janne Merete Hagen, Paal Spilling
Keywords: Computer crime, incident reporting, information security
Abstract: The paper presents a study of IT systems abuses, based on 390 responses from the Norwegian Computer Crime Survey 2006, and qualitative data from personal interviews of 94 employees in four enterprises required to obey the Norwegian Security Act. The aim of the study has been to shed light on a handful organizational security measures that contribute to the detection and reporting of security incidents. The results confirm significant positive correlations between organizational security measures and reporting of IT abuse incidents. But personal beliefs and judgements of the observed security breaches, however, influence the willingness to report colleagues to security management. Moreover, the results show that the reporting regime in Norwegian enterprises is too loose and the punishment too low to confirm any strong deterrent effect on employees, and most IT abuse incidents are regarded to be insignificant and not considered as criminal incidents.
Download count: 1564
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.