Information Security and People: A Conundrum for Compliance


  • Hiep Cong Pham RMIT University Vietnam
  • Duy Dang Pham RMIT University
  • Linda Brennan RMIT University
  • Joan Richardson RMIT University



security compliance, security management, end user security behaviour


This evaluation of end-users and IT experts/managers’ attitudes towards performing IT security tasks indicates important differences between their perspectives on what is and is not necessary to establish a secure corporate IT environment. Through a series of case studies, this research illustrates that making it easier for end-users to comply does not necessarily equate to enhanced implementation of security measures. End-users want to be autonomous, competent, self-motivated and active participants in the development of secure environments. However, managers and experts want to limit autonomy to ensure that procedures are followed closely, rather than permitting flexibility. This results in the creation of environments that are intrinsically de-motivating rather than motivating end-users to become self-determined and self-regulating co-creators of a secure IT environment. The paper also discusses alternative approaches to developing a human system that works for end-users and experts.




How to Cite

Pham, H. C., Pham, D. D., Brennan, L., & Richardson, J. (2017). Information Security and People: A Conundrum for Compliance. Australasian Journal of Information Systems, 21.



Research Articles