TY - CHAP
T1 - Information security
T2 - still not my job!
AU - Bednar, Peter
AU - Sadok, Moufida
N1 - Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.
PY - 2024/12/28
Y1 - 2024/12/28
N2 - The research presented in this paper is based on interviews with 51 employees from 51 different organizations (including private and public sectors). Employees were interviewed more than once, over a period of 6 months, each interview lasted between 30 min to 1 h. The discussion in this paper is based on interviews during sessions which were explicitly dedicated to Information Systems and Cybersecurity as themes and focus. The majority of the interviewees were professionals who were not IT people [four interviewees had IT-related jobs]. The interviewees were all employees who, according to their own description, handle sensitive data and therefore, should take security considerations into account while doing their job. The research findings put some doubt both on whether or not security is seen as part of non-IT professionals’ job responsibility, or even if it is possible for non-IT professionals to take responsibility in the context of their actual work practices. This suggests that information security is, according to employees in many organizations, still viewed as an overlay on top of other tasks and responsibilities.
AB - The research presented in this paper is based on interviews with 51 employees from 51 different organizations (including private and public sectors). Employees were interviewed more than once, over a period of 6 months, each interview lasted between 30 min to 1 h. The discussion in this paper is based on interviews during sessions which were explicitly dedicated to Information Systems and Cybersecurity as themes and focus. The majority of the interviewees were professionals who were not IT people [four interviewees had IT-related jobs]. The interviewees were all employees who, according to their own description, handle sensitive data and therefore, should take security considerations into account while doing their job. The research findings put some doubt both on whether or not security is seen as part of non-IT professionals’ job responsibility, or even if it is possible for non-IT professionals to take responsibility in the context of their actual work practices. This suggests that information security is, according to employees in many organizations, still viewed as an overlay on top of other tasks and responsibilities.
KW - IS and cybersecurity
KW - sociotechnical security
KW - workplace cybersecurity
UR - http://www.scopus.com/inward/record.url?scp=85215108234&partnerID=8YFLogxK
U2 - 10.1007/978-3-031-76970-2_5
DO - 10.1007/978-3-031-76970-2_5
M3 - Chapter (peer-reviewed)
AN - SCOPUS:85215108234
SN - 9783031769696
T3 - Lecture Notes in Information Systems and Organisation
SP - 63
EP - 74
BT - Navigating Digital Transformation
A2 - Agrifoglio, Rocco
A2 - Lazazzara, Alessandra
A2 - Za, Stefano
PB - Springer
ER -