Home > Publications
Home University of Twente
Prospective Students
Intranet (internal)

EEMCS EPrints Service

20998 Reducing normative conflicts in information security
Home Policy Brochure Browse Search User Area Contact Help

Pieters, W. and Coles-Kemp, L. (2011) Reducing normative conflicts in information security. In: Proceedings of the 2011 New security paradigms workshop, NSPW '11, 12-15 Sep 2011, Marin County, CA. pp. 11-24. ACM. ISBN 978-1-4503-1078-9

Full text available as:

- Univ. of Twente only
2698 Kb

Official URL:

Exported to Metis


Security weaknesses often stem from users trying to comply with social expectations rather than following security procedures. Such normative conflicts between security policies and social norms are therefore undesirable from a security perspective. It has been argued that system developers have a "meta-task responsibility", meaning that they have a moral obligation to enable the users of the system they design to cope adequately with their responsibilities. Depending on the situation, this could mean forcing the user to make an "ethical" choice, by "designing out" conflicts. In this paper, we ask the question to what extent it is possible to detect such potential normative conflicts in the design phase of security-sensitive systems, using qualitative research in combination with so-called system models. We then envision how security design might proactively reduce conflict by (a) designing out conflict where possible in the development of policies and systems, and (b) responding to residual and emergent conflict through organisational processes. The approach proposed in this paper is a so-called subcultural approach, where security policies are designed to be culturally sympathetic. Where normative conflicts either cannot be avoided or emerge later, the organisational processes are used to engage with subcultures to encourage communally-mediated control.

Item Type:Conference or Workshop Paper (Full Paper, Talk)
Research Group:EWI-IS: Information Systems, EWI-DIES: Distributed and Embedded Security
Research Program:CTIT-ISTRICE: Integrated Security and Privacy in a Networked World
Research Project:VISPER: The VIrtual Security PERimeter for digital, physical, and organisational security
Uncontrolled Keywords:Human factors, Information security, Meta-task responsibility, Normative conflicts, Policy alignment, Security policies, Subcultures, System models
ID Code:20998
Deposited On:19 December 2011
More Information:statisticsmetis

Export this item as:

To request a copy of the PDF please email us request copy

To correct this item please ask your editor

Repository Staff Only: edit this item