Factors that Influence Information Security Behavior: An Australian Web-Based Study

2015 ◽  
pp. 231-241 ◽  
Author(s):  
Malcolm Pattinson ◽  
Marcus Butavicius ◽  
Kathryn Parsons ◽  
Agata McCormac ◽  
Dragana Calic
Keyword(s):  
Information Security ◽  
Web Based ◽  
Information Security Behavior ◽  
Security Behavior

Investigating the Information Perception Value (IPV) Model in Maintaining the Information Security

2020 ◽  
pp. 499-524
Author(s):  
Sharul Tajuddin ◽  
Afzaal H. Seyal ◽  
Norfarrah Binti Muhamad Masdi ◽  
Nor Zainah H. Siau
Keyword(s):  
Data Analysis ◽  
Information Security ◽  
Social Values ◽  
Information Value ◽  
Information Security Behavior ◽  
Monetary Value ◽  
Security Environment ◽  
Brunei Darussalam ◽  
Security Behavior ◽  
Information Values

This pioneering study is conducted among 150 employees from various ministries of Brunei Darussalam regarding their perception in maintaining the information security and to validate the IPV model using linear regression data analysis techniques. The IPV model identifies the factors that affect the user's perception of information values and to further assess as how these perceptions of information value affect their behavior in information security environment. The results show that IPV model have significant predicting power the employees' behavior with more than half of the variance (59%) in information value is shared by these six contextual variables. However, four out of six antecedent variables monetary value, ministerial jurisdiction, spiritual, and social values are significantly predicting the information value. The study has significant impact both for the researchers and practitioners and will add value to the current repository of broad knowledge in information security behavior.

The Cultural Foundation of Information Security Behavior

2021 ◽  
pp. 522-545
Author(s):  
Canchu Lin ◽  
Anand S. Kunnathur ◽  
Long Li
Keyword(s):  
Organizational Culture ◽  
Information Security ◽  
Security Policy ◽  
Behavior Control ◽  
Policy Compliance ◽  
Information Security Policy ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Information Security Policy Compliance ◽  
Security Policy Compliance

Past behavior research overwhelmingly focused on information security policy compliance and under explored the role of organizational context in shaping information security behaviors. To address this research gap, this study integrated two threads of literature: organizational culture, and information security behavior control, and proposed a framework that integrates mid-range theories used in empirical research, connects them to organizational culture, and predicts its role in information security behavior control. Consistent with the cultural-fit perspective, this framework shows that information security policy compliance fits hierarchical culture and the approach of promoting positive, proactive, and emerging information security behaviors fits participative culture. Contributions and practical implications of this framework, together with future research directions, are discussed.

scholarly journals Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective

2020 ◽  
Vol 12 (8) ◽  
pp. 3163
Author(s):  
Amanda M. Y. Chu ◽  
Mike K. P. So
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Management ◽  
Information Security Management ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Different Types ◽  
Employee Information ◽  
Willingness To Report ◽  
Security Incidents

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

scholarly journals The Effect of Rational Based Beliefs and Awareness on Employee Compliance with Information Security Procedures: A Case Study of a Financial Corporation in Israel

10.28945/4596 ◽  
2020 ◽  
Vol 15 ◽  
pp. 109-125
Author(s):  
Golan Carmi ◽  
Dan Bouhnik
Keyword(s):  
Information Security ◽  
Future Research ◽  
Employee Behavior ◽  
Regulatory Governance ◽  
Information Security Behavior ◽  
Positive Effects ◽  
Compliance Behavior ◽  
Security Behavior ◽  
Level Of Understanding ◽  
Security Procedures

Aim/Purpose: This paper examines the behavior of financial firm employees with regard to information security procedures instituted within their organization. Furthermore, the effect of information security awareness and its importance within a firm is explored. Background: The study focuses on employees’ attitude toward compliance with information security policies (ISP), combined with various norms and personal abilities. Methodology: A self-reported questionnaire was distributed among 202 employees of a large financial Corporation Contribution: As far as we know, this is the first paper to thoroughly explore employees’ awareness of information system procedures, among financial organizations in Israel, and also the first to develop operative recommendations for these organizations aimed at increasing ISP compliance behavior. The main contribution of this study is that it investigates compliance with information security practices among employees of a defined financial corporation operating under rigid regulatory governance, confidentiality and privacy of data, and stringent requirements for compliance with information security procedures. Findings: Our results indicate that employees’ attitudes, normative beliefs and personal capabilities to comply with firm’s ISP, have positive effects on the firm’s ISP compliance. Also, employees’ general awareness of IS, as well as awareness to ISP within the firm, positively affect employees’ ISP compliance. Recommendations for Practitioners: This study can help information security managers identify the motivating factors for employee behavior to maintain information security procedures, properly channel information security resources, and manage appropriate information security behavior. Recommendation for Researchers: Researchers can see that corporate rewards and sanctions have significant effects on employee security behavior, but other motivational factors also reinforce the ISP’s compliance behavior. Distinguishing between types of corporations and organizations is essential to understanding employee compliance with information security procedures. Impact on Society: This study offers another level of understanding of employee behavior with regard to information security in organizations and comprises a significant contribution to the growing knowledge in this area. The research results form an important basis for IS policymakers, culture designers, managers, and those directly responsible for IS in the organization. Future Research: Future work should sample employees from another type of corporation from other fields and should apply qualitative analysis to explore other aspects of behavioral patterns related to the subject matter.

Sign in / Sign up

Export Citation Format

Share Document