Effective information security policies for efficient remote working : Software professionals' perspective

Abstract

The increasing extensive use on mobile devices and concepts like Bring Your Own Device (BYOD) together with sophisticated technologies empower the concept of “remote working” (also called teleworking, work-from-home) as a growing trend in software practice, making the security of information more vulnerable. The necessity for security measures is significantly arising in this context. It is problematic if productivity is disturbed when it is attempted to realize the target of reducing this risk via security measures. Through this research, it was intended to find out what perception do the remote working software professionals have on the Information Security Policy (ISP) as a creator of productivity pitfalls and what considerations should there be when devising information security policies to keep remote workers in the software industry efficient. A detailed quantitative approach followed by a short qualitative analysis were engaged to learn about the perception of the remote-working software professionals based on data gathered via a survey. Several aspects such as, "the increase of additional work and procedures due to policy", "complexities and issues in following the policy", along with "awareness of the policy and information security in general", were identified to have a significant positive impact on the remote working software professional’s productivity. Also, it shows that not only the non-managerial staff but also the managerial staff need to improve, disapproving the assumption that management is following the correct procedures. Based on these findings, recommendations were made that could be considered when setting up an ISP. However, due to limitations in accessing the data, results are mostly relevant to the private sector. It is expected that this study would be beneficial to policy-makers by getting prior knowledge of what is affecting the performance of the ISP and to the end-users by enabling them to involve in policy making to make finally their own lives easy.