@inproceedings{a287b1f4508c4edd8a4e64e9f7db68fa,
title = "IS and cybersecurity practice: avoiding self-sabotage",
abstract = "In this paper, we explore cybersecurity from a sociotechnical work-system perspective and focus on the visibility and effectiveness of security practices as part of the everyday work practices of typical employees. The empirical inquiry involved 471 employees from 259 different organizations, drawn from both private and public sectors using semi-structured interviews and conducted from an interpretive stance. Employees interviewed were all expected to follow cybersecurity practices but were not involved in the development of such. The key findings reveal that actual work practices and routines of most employees were either ignored or insufficiently intertwined with security management efforts. Consequently, engagement and participation by professionals are needed to promote the design of work systems that are not only user-friendly but also genuinely supportive of meaningful use in context.",
keywords = "cybersecurity practice, sociotechnical, information systmes, work-system, sustainable cybersecurity",
author = "Peter Bednar and Christine Welch and Moufida Sadok",
note = "Output does not have a DOI; STPIS 2023: 9th International Conference on Socio-Technical Perspective in Information Systems Development ; Conference date: 27-10-2023 Through 28-10-2023",
year = "2023",
month = oct,
day = "27",
language = "English",
volume = "3598",
series = "CEUR Workshop Proceeding",
publisher = "CEUR Workshop Proceedings",
pages = "138--145",
editor = "Peter Bednar and Fatema Zaghloul and Christine Welch and Alexander Nolte and Mikko Rajanen and Islind, {Anna Sigridur} and Hult, {Helena Vallo} and Braccini, {Aurelio Ravarini}",
booktitle = "Proceedings STPIS2023: Proceedings of The 9th International Conference on Socio-Technical Perspectives in IS, October 27-28, Portsmouth, UK",
}