Reducing Normative Conflicts in Information Security. / Pieters, Wolter; Coles-Kemp, Lizzie.

NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. . ACM, 2011. p. 11-24.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Published

Standard

Reducing Normative Conflicts in Information Security. / Pieters, Wolter; Coles-Kemp, Lizzie.

NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. . ACM, 2011. p. 11-24.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Harvard

Pieters, W & Coles-Kemp, L 2011, Reducing Normative Conflicts in Information Security. in NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. . ACM, pp. 11-24. <http://www.nspw.org/papers/2011/nspw2011-pieters.pdf>

APA

Pieters, W., & Coles-Kemp, L. (2011). Reducing Normative Conflicts in Information Security. In NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. (pp. 11-24). ACM. http://www.nspw.org/papers/2011/nspw2011-pieters.pdf

Vancouver

Pieters W, Coles-Kemp L. Reducing Normative Conflicts in Information Security. In NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. . ACM. 2011. p. 11-24

Author

Pieters, Wolter ; Coles-Kemp, Lizzie. / Reducing Normative Conflicts in Information Security. NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA. . ACM, 2011. pp. 11-24

BibTeX

@inproceedings{c5686e8c29734be681a2c07c972ef028,
title = "Reducing Normative Conflicts in Information Security",
abstract = "Security weaknesses often stem from users trying to com- ply with social expectations rather than following security procedures. Such normative conflicts between security poli- cies and social norms are therefore undesirable from a secu- rity perspective. It has been argued that system developers have a “meta-task responsibility”, meaning that they have a moral obligation to enable the users of the system they design to cope adequately with their responsibilities. De- pending on the situation, this could mean forcing the user to make an “ethical” choice, by “designing out” conflicts. In this paper, we ask the question to what extent it is possi- ble to detect such potential normative conflicts in the de- sign phase of security-sensitive systems, using qualitative research in combination with so-called system models. We then envision how security design might proactively reduce conflict by (a) designing out conflict where possible in the development of policies and systems, and (b) responding to residual and emergent conflict through organisational pro- cesses. The approach proposed in this paper is a so-called subcultural approach, where security policies are designed to be culturally sympathetic. Where normative conflicts ei- ther cannot be avoided or emerge later, the organisational processes are used to engage with subcultures to encourage communally-mediated control.",
author = "Wolter Pieters and Lizzie Coles-Kemp",
year = "2011",
language = "English",
pages = "11--24",
booktitle = "NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA.",
publisher = "ACM",

}

RIS

TY - GEN

T1 - Reducing Normative Conflicts in Information Security

AU - Pieters, Wolter

AU - Coles-Kemp, Lizzie

PY - 2011

Y1 - 2011

N2 - Security weaknesses often stem from users trying to com- ply with social expectations rather than following security procedures. Such normative conflicts between security poli- cies and social norms are therefore undesirable from a secu- rity perspective. It has been argued that system developers have a “meta-task responsibility”, meaning that they have a moral obligation to enable the users of the system they design to cope adequately with their responsibilities. De- pending on the situation, this could mean forcing the user to make an “ethical” choice, by “designing out” conflicts. In this paper, we ask the question to what extent it is possi- ble to detect such potential normative conflicts in the de- sign phase of security-sensitive systems, using qualitative research in combination with so-called system models. We then envision how security design might proactively reduce conflict by (a) designing out conflict where possible in the development of policies and systems, and (b) responding to residual and emergent conflict through organisational pro- cesses. The approach proposed in this paper is a so-called subcultural approach, where security policies are designed to be culturally sympathetic. Where normative conflicts ei- ther cannot be avoided or emerge later, the organisational processes are used to engage with subcultures to encourage communally-mediated control.

AB - Security weaknesses often stem from users trying to com- ply with social expectations rather than following security procedures. Such normative conflicts between security poli- cies and social norms are therefore undesirable from a secu- rity perspective. It has been argued that system developers have a “meta-task responsibility”, meaning that they have a moral obligation to enable the users of the system they design to cope adequately with their responsibilities. De- pending on the situation, this could mean forcing the user to make an “ethical” choice, by “designing out” conflicts. In this paper, we ask the question to what extent it is possi- ble to detect such potential normative conflicts in the de- sign phase of security-sensitive systems, using qualitative research in combination with so-called system models. We then envision how security design might proactively reduce conflict by (a) designing out conflict where possible in the development of policies and systems, and (b) responding to residual and emergent conflict through organisational pro- cesses. The approach proposed in this paper is a so-called subcultural approach, where security policies are designed to be culturally sympathetic. Where normative conflicts ei- ther cannot be avoided or emerge later, the organisational processes are used to engage with subcultures to encourage communally-mediated control.

M3 - Conference contribution

SP - 11

EP - 24

BT - NSPW '11: Proceedings of the 2011 New security paradigms workshop, 12-15 Sep 2011, Marin County, CA.

PB - ACM

ER -