This evaluation of end-users and IT experts/managers’ attitudes towards performing IT security tasks indicates important differences between their perspectives on what is and is not necessary to establish a secure corporate IT environment. Through a series of case studies, this research illustrates that making it easier for end-users to comply does not necessarily equate to enhanced implementation of security measures. End-users want to be autonomous, competent, self-motivated and active participants in the development of secure environments. However, managers and experts want to limit autonomy to ensure that procedures are followed closely, rather than permitting flexibility.

This results in the creation of environments that are intrinsically de-motivating rather than motivating end-users to become self-determined and self-regulating co-creators of a secure IT environment.

The paper also discusses alternative approaches to developing a human system that works for end-users and experts.

 

Publication Date: January 2017

Your Authors
Hiep Cong Pham
Hiep Cong Pham
RMIT Vietnam
Duy Dang Pham
Duy Dang Pham
RMIT Vietnam
Linda Brennan
Linda Brennan
RMIT University
Joan Richardson
Joan Richardson
RMIT University