The cost of non-compliance - When policies fail

Elinor M. Madigan, Corey Petrulich, Kelly Motuk

Research output: Chapter in Book/Report/Conference proceedingConference contribution

14 Scopus citations


Employees are the greatest threat to an organization's security. Their non-compliance with security policies not only threatens the integrity of the system, it also costs the organization a significant amount of money due to the loss of information or the man-hours spent fixing problems that the user causes. This paper looks at the man-hour cost due to non-compliance at a branch of a large university. We identified what constituted non-compliance and then had the IT staff track the number of hours they spent addressing these problems over a 13-month period. This paper also covers what actions and tools the IT department is using to combat the problem of user non-compliance.

Original languageEnglish (US)
Title of host publication32nd Annual ACM SIGUCCS Fall 2004 Conference - Proceedings
Number of pages5
StatePublished - 2004
Event32nd Annual ACM SIGUCCS Fall 2004 Conference - Baltimore, MD, United States
Duration: Oct 10 2004Oct 13 2004


Other32nd Annual ACM SIGUCCS Fall 2004 Conference
Country/TerritoryUnited States
CityBaltimore, MD

All Science Journal Classification (ASJC) codes

  • General Engineering


Dive into the research topics of 'The cost of non-compliance - When policies fail'. Together they form a unique fingerprint.

Cite this