Challenging security policies
Sometimes security controls can prevent or disrupt job activity. In these instances controls may be ignored to keep productivity up. Disruptive security controls should be brought to the attention of supervisors and security teams.
Security policies may cause productivity issues. This can lead to people taking shortcuts, potentially weakening security and putting data at risk.
It's important to challenge security policies if they impact work so they can be amended.
Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.
A data leak is when data is accidentally or intentionally disclosed to unauthorised people.
Account compromise happens when unauthorised people access them.
https://www.researchgate.net/publication/313804253_Information_security_policies_A_review_of_challenges_and_influencing_factors https://www.ncsc.gov.uk/blog-post/growing-positive-security-cultures https://www.ndss-symposium.org/wp-content/uploads/2018/03/eurousec2017_07_Becker_paper.pdf