IS and cybersecurity practice: avoiding self-sabotage

Peter Bednar, Christine Welch, Moufida Sadok

Research output: Chapter in Book/Report/Conference proceedingConference contribution

18 Downloads (Pure)


In this paper, we explore cybersecurity from a sociotechnical work-system perspective and focus on the visibility and effectiveness of security practices as part of the everyday work practices of typical employees. The empirical inquiry involved 471 employees from 259 different organizations, drawn from both private and public sectors using semi-structured interviews and conducted from an interpretive stance. Employees interviewed were all expected to follow cybersecurity practices but were not involved in the development of such. The key findings reveal that actual work practices and routines of most employees were either ignored or insufficiently intertwined with security management efforts. Consequently, engagement and participation by professionals are needed to promote the design of work systems that are not only user-friendly but also genuinely supportive of meaningful use in context.
Original languageEnglish
Title of host publicationProceedings STPIS2023: Proceedings of The 9th International Conference on Socio-Technical Perspectives in IS, October 27-28, Portsmouth, UK
EditorsPeter Bednar, Fatema Zaghloul, Christine Welch, Alexander Nolte, Mikko Rajanen, Anna Sigridur Islind, Helena Vallo Hult, Aurelio Ravarini Braccini
PublisherCEUR Workshop Proceedings
Number of pages8
Publication statusPublished - 27 Oct 2023
EventSTPIS 2023: 9th International Conference on Socio-Technical Perspective in Information Systems Development - Portsmouth, United Kingdom
Duration: 27 Oct 202328 Oct 2023

Publication series

NameCEUR Workshop Proceeding
ISSN (Print)1613-0073


ConferenceSTPIS 2023: 9th International Conference on Socio-Technical Perspective in Information Systems Development
Country/TerritoryUnited Kingdom


  • cybersecurity practice
  • sociotechnical
  • information systmes
  • work-system
  • sustainable cybersecurity

Cite this