{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,13]],"date-time":"2026-04-13T17:48:28Z","timestamp":1776102508111,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":41,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642413193","type":"print"},{"value":"9783642413209","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41320-9_5","type":"book-chapter","created":{"date-parts":[[2013,10,1]],"date-time":"2013-10-01T06:08:20Z","timestamp":1380607700000},"page":"70-82","source":"Crossref","is-referenced-by-count":33,"title":["\u201cComply or Die\u201d Is Dead: Long Live Security-Aware Principal Agents"],"prefix":"10.1007","author":[{"given":"Iacovos","family":"Kirlappos","sequence":"first","affiliation":[]},{"given":"Adam","family":"Beautement","sequence":"additional","affiliation":[]},{"given":"M. Angela","family":"Sasse","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"5_CR1","unstructured":"GRT Corporation, http:\/\/www.grtcorp.com\/content\/british-intelligence-speaks-out-cyber-threats"},{"key":"5_CR2","unstructured":"Schneier, B.: Secrets and lies: digital security in a networked world. Wiley (2000)"},{"key":"5_CR3","doi-asserted-by":"crossref","unstructured":"Beautement, A., Sasse, M.A., Wonham, M.: The compliance budget: managing security behaviour in organisations. In: NSPW 2008: Proceedings of the 2008 Workshop on New Security Paradigms, pp. 47\u201358 (2008)","DOI":"10.1145\/1595676.1595684"},{"key":"5_CR4","doi-asserted-by":"publisher","first-page":"133","DOI":"10.1145\/1719030.1719050","volume-title":"Proceedings of the 2009 Workshop on New Security Paradigms Workshop (NSPW 2009)","author":"C. Herley","year":"2009","unstructured":"Herley, C.: So long, and no thanks for the externalities: the rational rejection of security advice by users. In: Proceedings of the 2009 Workshop on New Security Paradigms Workshop (NSPW 2009), pp. 133\u2013144. ACM, New York (2009)"},{"issue":"12","key":"5_CR5","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/322796.322806","volume":"42","author":"A. Adams","year":"1999","unstructured":"Adams, A., Sasse, M.A.: Users Are Not The Enemy: Why users compromise security mechanisms and how to take remedial measures. Communications of the ACM\u00a042(12), 40\u201346 (1999)","journal-title":"Communications of the ACM"},{"issue":"3","key":"5_CR6","doi-asserted-by":"publisher","first-page":"122","DOI":"10.1023\/A:1011902718709","volume":"19","author":"M.A. Sasse","year":"2001","unstructured":"Sasse, M.A., Brostoff, S., Weirich, D.: Transforming the \u201cweakest link\u201d: A human-computer interaction approach to usable and effective security. BT Technology Journal\u00a019(3), 122\u2013131 (2001)","journal-title":"BT Technology Journal"},{"key":"5_CR7","unstructured":"Weirich: Persuasive password Security. PhD thesis, University College London (2005)"},{"key":"5_CR8","unstructured":"Friedman, B., Howe, D.C., Felten, E.: Informed consent in the Mozilla browser: Implementing value-sensitive design. In: Proceedings of the 35th Annual Hawaii International Conference on System Sciences, HICSS. IEEE (2002)"},{"issue":"3","key":"5_CR9","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1108\/09685220310480381","volume":"11","author":"H. Fulford","year":"2003","unstructured":"Fulford, H., Doherty, N.F.: The application of information security policies in large UK-based organizations: an exploratory investigation. Information Management & Computer Security\u00a011(3), 106\u2013114 (2003)","journal-title":"Information Management & Computer Security"},{"issue":"5","key":"5_CR10","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1108\/09685229910292817","volume":"7","author":"H.N. Higgins","year":"1999","unstructured":"Higgins, H.N.: Corporate system security: towards an integrated management approach. Information Management and Computer Security\u00a07(5), 217\u2013222 (1999)","journal-title":"Information Management and Computer Security"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Bartsch, S., Sasse, M.A.: Guiding Decisions on Authorization Policies: A Participatory Approach to Decision Support. In: ACM SAC 2012, Trento, Italy (2012)","DOI":"10.1145\/2245276.2232015"},{"key":"5_CR12","unstructured":"Bj\u00f6rck, F.: Security Scandinavian style. PhD diss., Stockholm University (2001)"},{"key":"5_CR13","unstructured":"Fl\u00e9chais, I.: Designing Secure and Usable Systems. PhD diss., University College London (2005)"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Wood, C.C.: An unappreciated reason why information security policies fail. Computer Fraud & Security\u00a0(10), 13\u201314 (2000)","DOI":"10.1016\/S1361-3723(00)10029-6"},{"key":"5_CR15","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1145\/1146269.1146280","volume-title":"Proceedings of the 2005 Workshop on New Security Paradigms (NSPW 20005)","author":"I. Flechais","year":"2005","unstructured":"Flechais, I., Riegelsberger, J., Sasse, M.A.: Divide and conquer: the role of trust and assurance in the design of secure socio-technical systems. In: Proceedings of the 2005 Workshop on New Security Paradigms (NSPW 20005), pp. 33\u201341. ACM, New York (2005)"},{"issue":"6","key":"5_CR16","doi-asserted-by":"publisher","first-page":"476","DOI":"10.1016\/j.cose.2009.01.003","volume":"28","author":"E. Albrechtsen","year":"2009","unstructured":"Albrechtsen, E., Hovden, J.: The information security digital divide between information security managers and users. Computers & Security\u00a028(6), 476\u2013490 (2009)","journal-title":"Computers & Security"},{"issue":"3","key":"5_CR17","doi-asserted-by":"publisher","first-page":"246","DOI":"10.1016\/j.cose.2004.08.011","volume":"24","author":"M. Karyda","year":"2005","unstructured":"Karyda, M., Kiountouzis, E., Kokolakis, S.: Information systems security policies: a contextual perspective. Computers & Security\u00a024(3), 246\u2013260 (2005)","journal-title":"Computers & Security"},{"key":"5_CR18","unstructured":"PWC (2012), http:\/\/www.pwc.co.uk\/audit-assurance\/publications\/uk-information-security-breaches-survey-results-2012.jhtml"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Ashford, W. (2012), http:\/\/www.computerweekly.com\/news\/2240148942\/Infosec-2012-Record-security-breaches-cost-UK-firms-billions","DOI":"10.1016\/S1361-3723(12)70034-9"},{"key":"5_CR20","unstructured":"Deloitte (2009), http:\/\/www.deloitte.com\/assets\/Dcom-UnitedKingdom\/Local%20Assets\/Documents\/UK_ERS_2009_CB_Security_Survey.pdf"},{"key":"5_CR21","unstructured":"Bartsch, S., Sasse, M.A.: How Users Bypass Access Control and Why: The Impact of Authorization Problems on Individuals and the Organization. In: ECIS 2013: The 21st European Conference in Information Systems (in press, 2013)"},{"key":"5_CR22","doi-asserted-by":"crossref","unstructured":"Strauss, A., Corbin, J.: Basics of qualitative research: Techniques and procedures for developing grounded theory. Sage Publications, Incorporated (2007)","DOI":"10.4135\/9781452230153"},{"issue":"3","key":"5_CR23","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B. Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly\u00a034(3), 523\u2013548 (2010)","journal-title":"MIS Quarterly"},{"key":"5_CR24","first-page":"383","volume-title":"Proceedings of the 28th International Conference on Human Factors in Computing Systems","author":"P.G. Inglesant","year":"2010","unstructured":"Inglesant, P.G., Sasse, M.A.: The true cost of unusable password policies: password use in the wild. In: Proceedings of the 28th International Conference on Human Factors in Computing Systems, pp. 383\u2013392. ACM, Atlanta (2010)"},{"key":"5_CR25","unstructured":"Adams, J.: Risk. University College London Press (1995)"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Wash, R.: Folk models of home computer security. In: Proceedings of the Sixth Symposium on Usable Privacy and Security. ACM (2010)","DOI":"10.1145\/1837110.1837125"},{"key":"5_CR27","unstructured":"http:\/\/www.pcworld.com\/article\/261754\/does_the_windows_logon_password_protect_your_data_.html"},{"key":"5_CR28","unstructured":"Sasse, M.A., Ashenden, D., Lawrence, D., Coles-Kemp, L., Fl\u00e9chais, I., Kearney, P.: Human vulnerabilities in security systems. Human Factors Working Group, Cyber Security KTN Human Factors White Paper (2007)"},{"key":"5_CR29","unstructured":"Pallas, F.: Information Security inside organisations. PhD Thesis, Technical University of Berlin (2009)"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Teo, T.S.H., King, W.R.: Integration between business planning and information systems planning: an evolutionary-contingency perspective. Journal of Management Information Systems, 185\u2013214 (1997)","DOI":"10.1080\/07421222.1997.11518158"},{"issue":"5","key":"5_CR31","doi-asserted-by":"publisher","first-page":"384","DOI":"10.1016\/S0167-4048(01)00507-7","volume":"20","author":"C.M. Trompeter","year":"2001","unstructured":"Trompeter, C.M., Eloff, J.H.P.: A framework for the implementation of socio-ethical controls in information security. Computers & Security\u00a020(5), 384\u2013391 (2001)","journal-title":"Computers & Security"},{"issue":"2","key":"5_CR32","doi-asserted-by":"publisher","first-page":"127","DOI":"10.1046\/j.1365-2575.2001.00099.x","volume":"11","author":"G. Dhillon","year":"2001","unstructured":"Dhillon, G., Backhouse, J.: Current directions in IS security research: towards socio-organizational perspectives. Information Systems Journal\u00a011(2), 127\u2013153 (2001)","journal-title":"Information Systems Journal"},{"key":"5_CR33","unstructured":"Checkland, P.B., Poulter, J.: Learning for Action: A short definitive account of Soft Systems Methodology and its use for Practitioners, Teachers and Students (2006)"},{"issue":"1","key":"5_CR34","doi-asserted-by":"publisher","first-page":"27","DOI":"10.1016\/j.cose.2005.12.004","volume":"25","author":"S.M. Furnell","year":"2006","unstructured":"Furnell, S.M., Jusoh, A., Katsabas, D.: The challenges of understanding and using security: A survey of end-users. Computers & Security\u00a025(1), 27\u201335 (2006)","journal-title":"Computers & Security"},{"key":"5_CR35","volume-title":"Proceedings of the 1996 Information Systems Conference of New Zealand (ISCNZ 1996)","author":"H.L. James","year":"1996","unstructured":"James, H.L.: Managing information systems security: A soft approach. In: Proceedings of the 1996 Information Systems Conference of New Zealand (ISCNZ 1996). IEEE Computer Society, Washington, DC (1996)"},{"issue":"4","key":"5_CR36","doi-asserted-by":"publisher","first-page":"271","DOI":"10.1016\/j.cose.2005.04.004","volume":"24","author":"B. Solms Von","year":"2005","unstructured":"Von Solms, B., von Solms, R.: From information security to business security. Computers & Security\u00a024(4), 271\u2013273 (2005)","journal-title":"Computers & Security"},{"issue":"2","key":"5_CR37","doi-asserted-by":"publisher","first-page":"24","DOI":"10.1109\/MSP.2011.179","volume":"10","author":"I. Kirlappos","year":"2012","unstructured":"Kirlappos, I., Sasse, M.A.: Security Education against Phishing: A Modest Proposal for a Major Rethink. IEEE Security & Privacy\u00a010(2), 24\u201332 (2012)","journal-title":"IEEE Security & Privacy"},{"issue":"3","key":"5_CR38","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1016\/j.cose.2004.01.012","volume":"23","author":"C. Vroom","year":"2004","unstructured":"Vroom, C., Von Solms, R.: Towards information security behavioural compliance. Computers & Security\u00a023(3), 191\u2013198 (2004)","journal-title":"Computers & Security"},{"issue":"3","key":"5_CR39","doi-asserted-by":"publisher","first-page":"381","DOI":"10.1016\/j.ijhcs.2005.01.001","volume":"62","author":"J. Riegelsberger","year":"2005","unstructured":"Riegelsberger, J., Sasse, M.A., McCarthy, J.D.: The mechanics of trust: a framework for research and design. International Journal of Human-Computer Studies\u00a062(3), 381\u2013422 (2005)","journal-title":"International Journal of Human-Computer Studies"},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Schlienger, T., Teufel, S.: Analyzing information security culture: increased trust by an appropriate information security culture. In: Proceedings of the14th International Workshop on Database and Expert Systems Applications, pp. 405\u2013409. IEEE (2003)","DOI":"10.1109\/DEXA.2003.1232055"},{"issue":"6","key":"5_CR41","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1109\/MSP.2009.110","volume":"7","author":"D. Caputo","year":"2009","unstructured":"Caputo, D., Maloof, M., Stephens, G.: Detecting insider theft of trade secrets. IEEE Security & Privacy\u00a07(6), 14\u201321 (2009)","journal-title":"IEEE Security & Privacy"}],"container-title":["Lecture Notes in Computer Science","Financial Cryptography and Data Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41320-9_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T15:04:39Z","timestamp":1746025479000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41320-9_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642413193","9783642413209"],"references-count":41,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41320-9_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}