Employee Security Behaviour: The Importance of Education and Policies in Organisational Settings

The Impact of Procedural Security Countermeasures on Employee Security Behaviour: A Qualitative Study

26th International Conference on Information Systems Development (ISD 2017), 2017

The growing number of information security breaches in organisations presents a serious risk to the confidentiality of personal and commercially sensitive data. Current research studies indicate that humans are the weakest link in the information security chain and the root cause of numerous security incidents in organisations. Based on literature gaps, this study investigates how procedural security countermeasures tend to affect employee security behaviour. Data for this study was collected in organisations located in the United States and Ireland. Results suggest that procedural security countermeasures are inclined to promote security-cautious behaviour in organisations, while their absence tends to lead to noncompliant behaviour.

Organisational culture, procedural countermeasures, and employee security behaviour: A qualitative study

Information and Computer Security, 2017

This paper provides new insights about security behaviour in selected US and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues.

Organisational culture, procedural countermeasures, and employee security behaviour

Information & Computer Security, 2017

Purpose: This paper provides new insights about security behaviour in selected US and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues. Design/methodology/approach: This paper builds on general deterrence theory and prior organisational culture literature. The methodology adapted for this study draws on the analytical grounded theory approach employing a constant comparative method. Findings: This paper demonstrates that procedural security countermeasures and organisational culture tend to affect security behaviour in organi...

Connolly, L. et al. (2014) Managing Employee Security Behaviour in Organisations: The Role of Cultural Factors and Individual Values

An increasing number of information security breaches in organisations presents a potentially serious threat to the privacy and confidentiality of personal and commercially sensitive data. Recent research shows that human beings are the weakest link in the security chain and the root cause of a great portion of security breaches. In the late 1990s, a new phenomenon called "information security culture" emerged as a measure to promote security-cautious behaviour of employees in organisational settings. The concept of information security culture is relatively new and research on the subject is still evolving. This research-in-progress paper contributes to our understanding of this very important topic by offering a conceptualisation of information security culture. Additionally, this study identifies factors that instigate adverse employee behaviour in organisations.

Connolly et al. (2016) The Effect of Organisational and National Culture on Employee Security Behaviour

10th International Symposium on Human Aspects of Information Security & Assurance, 2016

An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. Recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches. This paper draws on prior research on organisational culture to examine how cultural factors affect employee security behaviour. Data for this research project were collected in 15 organisations in the United States and Ireland through qualitative interviews. Our findings demonstrate that organisational culture values of solidarity and people-orientation promote information security compliance, while sociability and task-orientation have a negative effect on employee security behaviour.

Managing Employee Security Behaviour in Organisations: The Role of Cultural Factors and Individual Values

IFIP Advances in Information and Communication Technology, 2014

An increasing number of information security breaches in organisations presents a potentially serious threat to the privacy and confidentiality of personal and commercially sensitive data. Recent research shows that human beings are the weakest link in the security chain and the root cause of a great portion of security breaches. In the late 1990s, a new phenomenon called "information security culture" emerged as a measure to promote security-cautious behaviour of employees in organisational settings. The concept of information security culture is relatively new and research on the subject is still evolving. This research-in-progress paper contributes to our understanding of this very important topic by offering a conceptualisation of information security culture. Additionally, this study identifies factors that instigate adverse employee behaviour in organisations.

Connolly et al. (2015) Investigation of Employee Security Behaviour: A Grounded Theory Approach

At a time of rapid business globalisation, it is necessary to understand employee security behaviour within diverse cultural settings. While general deterrence theory has been extensively used in Behavioural Information Security research with the aim to explain the effect of deterrent factors on employees’ security actions, these studies provide inconsistent and even contradictory findings. Therefore, a further examination of deterrent factors in the security context is required. The aim of this study is to contribute to the emerging field of Behavioural Information Security research by investigating how a combination of security countermeasures and cultural factors impact upon employee security behaviour in organisations. A particular focus of this project is to explore the effect of national culture and organisational culture on employee actions as regards information security. Preliminary findings suggest that organisational culture, national culture, and security countermeasures do have an impact upon employee security behaviour.

Data Protection and Employee Behaviour: The Role of Information Systems Security Culture

The proliferation of information in modern society, as enabled by technologies such as portable personal devices, social media, and "cloud"-based services, presents a potentially serious threat to individual privacy and the security of corporate data. Despite various technology tools designed to protect organisations' vital information assets, security breaches within organisations continue to occur. In the 1990s, researchers realised that technical tools alone cannot solve the problem of IS security incidents and they began to focus their attention on socio-organisational aspects. A "human factor" problem has been recognised as the root cause of many security breaches. According to recent research, information security culture needs to be created in organisations in order to promote security-cautious behaviour of employees to avoid such incidents. The concept of information security culture is relatively new and research on this topic is underdeveloped. We submit that there is a need for research that explores the principal factors that impact upon the fostering of information security culture within organisations and how these factors change within different cultural contexts.

Investigation of Employee Security Behaviour: A Grounded Theory Approach

30th IFIP TC-11 SEC 2015 International Information Security and Privacy Conference, 2015

At a time of rapid business globalisation, it is necessary to understand employee security behaviour within diverse cultural settings. While general deterrence theory has been extensively used in Behavioural Information Security research with the aim to explain the effect of deterrent factors on employees' security actions, these studies provide inconsistent and even contradictory findings. Therefore, a further examination of deterrent factors in the security context is required. The aim of this study is to contribute to the emerging field of Behavioural Information Security research by investigating how a combination of security countermeasures and cultural factors impact upon employee security behaviour in organisations. A particular focus of this project is to explore the effect of national culture and organisational culture on employee actions as regards information security. Preliminary findings suggest that organisational culture, national culture, and security countermeasures do have an impact upon employee security behaviour.

Information Security Behaviors among Employees

International Journal of Academic Research in Business and Social Sciences, 2019

Information security is crucial to organizations, especially financial and industrial ones, when dealing with company information and data. Information security is defined as protecting information and information systems from unauthorized access, use, disruption, modification, disclosure, or destruction, in order to provide the confidentiality, availability, and integrity of the information. The role of information security is to protect the information and systems, covering compliance, which involves data protection and publication schemes, and information management for corporate records, copyrights and intellectual property. In today's fast-changing world, mobile technologies in the information age have the abilities and advanced functions of computers and connectivity. Technologies have become integral and ubiquitous in everyone's daily life without their realizing it, and users are vulnerable to cyber-attack. Criminal hackers are drawn to stealing personal and organizational information. Thus, corporate data must be prevented from being transferred to personal applications, whether on personal devices or computer networks. For organizations, information and data are crucial to their organizational planning, business conduct and future success. This article will discuss issues, awareness, types of behavior, compliance and policies regarding information security.