People-centred security is critical for the security of an organisation, but we know that it comes at a cost. Recently the academic literature base has started to focus on how security might be understood and promoted as a facet of the overall culture of an organisation. This work sets out to understand the experiences of employees and management when using an anonymous online discussion platform to discuss cybersecurity policies. Following a 2-week deployment in a large UK educational institution, we found that anonymity helped individuals share their experiences, and that these experiences helped others understand more about the rationale for security policies. However, we also found that anonymity negatively impacted on individuals’ ability to discuss specific problems and follow up on incidents. We discuss the opportunities and challenges of using anonymous discussion platforms in organisations for improving the security culture through social participation and a more transparent listening culture.
https://dl.acm.org/doi/10.1145/3706598.3713290
The ACM CHI Conference on Human Factors in Computing Systems (https://chi2025.acm.org/)