The cost of non-compliance - When policies fail

Elinor M. Madigan, Corey Petrulich, Kelly Motuk

Research output: Chapter in Book/Report/Conference proceedingConference contribution

13 Scopus citations

Abstract

Employees are the greatest threat to an organization's security. Their non-compliance with security policies not only threatens the integrity of the system, it also costs the organization a significant amount of money due to the loss of information or the man-hours spent fixing problems that the user causes. This paper looks at the man-hour cost due to non-compliance at a branch of a large university. We identified what constituted non-compliance and then had the IT staff track the number of hours they spent addressing these problems over a 13-month period. This paper also covers what actions and tools the IT department is using to combat the problem of user non-compliance.

Original languageEnglish (US)
Title of host publication32nd Annual ACM SIGUCCS Fall 2004 Conference - Proceedings
Pages47-51
Number of pages5
StatePublished - 2004
Event32nd Annual ACM SIGUCCS Fall 2004 Conference - Baltimore, MD, United States
Duration: Oct 10 2004Oct 13 2004

Other

Other32nd Annual ACM SIGUCCS Fall 2004 Conference
CountryUnited States
CityBaltimore, MD
Period10/10/0410/13/04

All Science Journal Classification (ASJC) codes

  • Engineering(all)

Fingerprint Dive into the research topics of 'The cost of non-compliance - When policies fail'. Together they form a unique fingerprint.

  • Cite this

    Madigan, E. M., Petrulich, C., & Motuk, K. (2004). The cost of non-compliance - When policies fail. In 32nd Annual ACM SIGUCCS Fall 2004 Conference - Proceedings (pp. 47-51)