Home → Magazine Archive → December 2009 (Vol. 52, No. 12) → December 2009 (Vol. 52, No. 12) → Abstract

Are Employees Putting Your Company At Risk By Not Following Information Security Policies?

By Mikko Siponen, M. Adam Mahmood, Seppo Pahnila

Communications of the ACM, Vol. 52 No. 12, Pages 145-147

Careless employees, who do not follow information security policies, constitute a serious threat to their organization. We conducted a field survey in order to understand which factors help towards employees' compliance with these security policies. Our research shows that the visibility of the desired practices and normative expectations of peers will provide a solid foundation towards employees complying with these policies.

The full text of this article is premium content


No entries found