TBA

Presentation overview

Organisational security research has primarily focused on user security behaviour within workplace boundaries, examining both behaviour that complies with security policies and behaviour that does not. Within this context, researchers have identified shadow security behaviour—where security-conscious users adopt personal security practices that may not align with official security policies. Driven by the growth in remote work and increasing diversity of remote working arrangements, we conducted a qualitative research study to investigate the nature of shadow security within remote work settings. In this presentation, we will present our findings, which describe a model of personal security and how this interacts with an organisational security model in remote settings.

We model how remote workers use an appraisal process to relate the personal and organisational security models, driving their security-related behaviours. Our model explains how different levels of alignment between the personal and organisational models can drive compliance, non-compliance, and shadow security behaviour in remote work settings.

We discuss the implications of our findings for remote work security and highlight the importance of maintaining informal security communications for remote workers, homogenising security interactions, and adopting user experience design for remote work solutions.

Biography

Sarah Alromaih is a doctoral candidate at the department of Computer Science, University of Oxford. Before beginning her studies at Oxford, Sarah worked as a researcher at the Cyber Security Institute at King Abdulaziz City for Science and Technology, Saudi Arabia, where she played an active role in initiatives aimed at advancing research and collaboration in computer science. She holds both a Bachelor’s and a Master’s degree in Computer Science, graduating with honours. Her expertise spans diverse areas within the field, including usable security, data analytics, and human-cantered computing.