Users who see security as an obstacle or a nuisance are less likely to abide by security policies. Referred to as “resistance behavior,” a Virginia Tech study found that even if people understand that a security breach can have severe consequences on an organization, that knowledge does not always make users accept and conform to security policy rules. Individuals may feel their competence challenged, which triggers a negative attitude toward security in general. Users may also view some security controls, such as scheduled password changes, as unnecessary interruptions. Security controls, such as a fingerprint scanner, that don’t work consistently may make users feel overwhelmed and lead to mistrust of security controls or even overriding them.
Answer the following question(s):
- If you were a professional in charge of security for an organization, what would you say to a user who believes they have the right to decide whether to participate in security measures?
- In the same scenario, what kind of incentive do you think would encourage the user to participate?