Reducing normative conflicts in information security

Wolter Pieters, Lizzie Coles-Kemp

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

    9 Citations (Scopus)

    Abstract

    Security weaknesses often stem from users trying to comply with social expectations rather than following security procedures. Such normative conflicts between security policies and social norms are therefore undesirable from a security perspective. It has been argued that system developers have a "meta-task responsibility", meaning that they have a moral obligation to enable the users of the system they design to cope adequately with their responsibilities. Depending on the situation, this could mean forcing the user to make an "ethical" choice, by "designing out" conflicts. In this paper, we ask the question to what extent it is possible to detect such potential normative conflicts in the design phase of security-sensitive systems, using qualitative research in combination with so-called system models. We then envision how security design might proactively reduce conflict by (a) designing out conflict where possible in the development of policies and systems, and (b) responding to residual and emergent conflict through organisational processes. The approach proposed in this paper is a so-called subcultural approach, where security policies are designed to be culturally sympathetic. Where normative conflicts either cannot be avoided or emerge later, the organisational processes are used to engage with subcultures to encourage communally-mediated control.
    Original language: English
    Title of host publication: NSPW '11
    Subtitle of host publication: New Security Paradigms Workshop
    Place of Publication: New York, NY
    Publisher: Association for Computing Machinery (ACM)
    Pages: 11-24
    Number of pages: 13
    ISBN (Print): 978-1-4503-1078-9
    Publication status: Published - Sep 2011
    Event: 2011 New Security Paradigms Workshop, NSPW 2011 - Marin County, United States
    Duration: 12 Sep 2011 to 15 Sep 2011

    Workshop

    Workshop: 2011 New Security Paradigms Workshop, NSPW 2011
    Abbreviated title: NSPW
    Country: United States
    City: Marin County
    Period: 12/09/11 to 15/09/11

    Keywords

    • SCS-Cybersecurity
    • CR-K.6.5
    • Subcultures
    • Normative conflicts
    • Security policies
    • Human factors
    • Information Security
    • Policy alignment
    • System models
    • Meta-task responsibility

    Cite this

    Pieters, W., & Coles-Kemp, L. (2011). Reducing normative conflicts in information security. In NSPW '11: New Security Paradigms Workshop (pp. 11-24). New York, NY: Association for Computing Machinery (ACM). https://doi.org/10.1145/2073276.2073279