Abstract

Even with high usability of security measures, well-trained and loyal employees don't always behave according to security guidance and may thus represent a security risk. This unexpected behavior is explained by a chain of barriers that employees must overcome to achieve a compliant behavior with security policy requirements. The findings the author reports here open up a discussion on how current information security education might benefit from including more subjects on the human factor.