Challenging security policies
Sometimes security controls can prevent or disrupt job activity. In these instances controls may be ignored to keep productivity up. Disruptive security controls should be brought to the attention of supervisors and security teams.
Why is it important?
Security policies may cause productivity issues. This can lead to people taking shortcuts, potentially weakening security and putting data at risk.
It's important to challenge security policies if they impact work so they can be amended.
Priority Tier
Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.
Risk Mitigated
Data Leak
A data leak is when data is accidentally or intentionally disclosed to unauthorised people.
Account Compromise
Account compromise happens when unauthorised people access them.
Further reading
https://www.researchgate.net/publication/313804253_Information_security_policies_A_review_of_challenges_and_influencing_factors https://www.ncsc.gov.uk/blog-post/growing-positive-security-cultures https://www.ndss-symposium.org/wp-content/uploads/2018/03/eurousec2017_07_Becker_paper.pdf