Productivity vs security: mitigating conflicting goals in organizations

Purpose This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals. Design/methodology/approach This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small- to medium-sized organizations (SMEs) with overall 90 employees. Findings The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees. Research limitations/implications Both studies rely on self-reported data and are, therefore, likely to contain some kind of bias. Practical implications Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations. Originality/value This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.

Download Full-text

Determining the factors affecting the consumers' willingness to pay higher prices for genetically unmodified products

British Food Journal ◽

10.1108/00070700911001022 ◽

2009 ◽

Vol 111 (11) ◽

pp. 1188-1199 ◽

Cited By ~ 2

Author(s):

Z. Gokalp Goktolga ◽

Kemal Esengun

Keyword(s):

Willingness To Pay ◽

Household Income ◽

Consumer Preference ◽

Household Size ◽

Negative Effects ◽

Content Type ◽

Factors Affecting ◽

Monthly Household Income ◽

Positive Effects ◽

Conducting Research

PurposeThe purpose of this paper is to determine the factors affecting the consumers' willingness to pay higher prices for genetically unmodified products.Design/methodology/approachTomato was selected as a model crop. Data used in this study were gathered from questionnaires conducted in Tokat province of Turkey in April 2006. Questionnaires were accomplished via face‐to‐face interviews over 262 households. “Ordered logit model” was used in determining the factors that affect the willingness of consumers for higher prices for genetically unmodified products. Ordered models are those that limit dependent variables to certain intervals. According to the results, variables of household size, monthly household income, household's monthly food consumption expenditure and level of consumers' sensitivity over the issue affected the willingness to pay higher prices for genetically unmodified products.FindingsResults of the study indicated that household size and monthly household income had negative effects on the willingness to pay extra, while monthly food expenditure and concern had positive effects.Originality/valueThe results of the study will be beneficial for the policy makers, producers, consumers and those conducting research in this area alike. Carrying out studies aimed at determining consumer preference, such as this, will help form consumer consciousness, especially in Turkey, to protect consumer health.

Download Full-text

Escalation of commitment and information security: theories and implications

Information and Computer Security ◽

10.1108/ics-02-2016-0015 ◽

2017 ◽

Vol 25 (5) ◽

pp. 580-592 ◽

Cited By ~ 3

Author(s):

Dmitriy V. Chulkov

Keyword(s):

Information Security ◽

Security Policy ◽

Decision Makers ◽

Future Research ◽

Escalation Of Commitment ◽

Content Type ◽

Economic Theories ◽

Course Of Action ◽

Security Compliance ◽

Information Security Investment

Purpose This study aims to explore the challenges that the escalation of commitment poses to information security. Design/methodology/approach Two distinct scenarios of escalation behavior are presented based on literature review. Psychological, organizational and economic theories on escalation of commitment are reviewed and applied to the area of information security. Findings Escalation of commitment involves continuation of a course of action after receiving negative information about it. In the information security compliance context, escalation affects a firm when an employee decides to break the firm’s information security policy to complete a failing task. In the information security investment context, escalation occurs if a manager continues investment in policies and solutions that are ineffective because of psychological, organizational or economic factors. Both of these types of escalation may be prevented with de-escalation techniques including a change in management or rotation of duties, monitoring, auditing and governance mechanisms. Practical implications Implications of escalation of commitment behavior for information security decision-makers and for future research are discussed. Originality/value This study complements the literature by establishing the context of escalation of commitment in decisions related to information security and reviewing managerial and economic theories on escalation of commitment.

Download Full-text

Building an awareness-centered information security policy compliance model

Industrial Management & Data Systems ◽

10.1108/imds-07-2019-0412 ◽

2019 ◽

Vol 120 (1) ◽

pp. 231-247 ◽

Cited By ~ 1

Author(s):

Alex Koohang ◽

Jonathan Anderson ◽

Jeretta Horn Nord ◽

Joanna Paliszkiewicz

Keyword(s):

Information Security ◽

Security Policy ◽

Path Modeling ◽

Information Security Policy ◽

Content Type ◽

Security Issues ◽

Compliance Model ◽

Security Compliance ◽

Trusting Beliefs ◽

Practical Implications

Purpose The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that awareness depends upon several variables that influence successful ISP compliance. Design/methodology/approach The authors built a model with seven constructs, i.e., leadership, trusting beliefs, information security issues awareness (ISIA), ISP awareness, understanding resource vulnerability, self-efficacy (SE) and intention to comply. Seven hypotheses were stated. A sample of 285 non-management employees was used from various organizations in the USA. The authors used path modeling to analyze the data. Findings The findings indicated that IS awareness depends on effective organizational leadership and elevated employees’ trusting beliefs. The understanding of resource vulnerability (URV) and SE are influenced by IS awareness resulting from effective leadership and elevated employees’ trusting beliefs which guide employees to comply with ISP requirements. Practical implications Practical implications were aimed at organizations embracing an awareness-centered information security compliance program to secure organizations’ assets against threats by implementing various security education and training awareness programs. Originality/value This paper asserts that awareness is central to ISP compliance. Leadership and trusting beliefs variables play significant roles in the information security awareness which in turn positively affect employees’ URV and SE variables leading employees to comply with the ISP requirements.

Download Full-text

The effect of perceived organizational culture on employees’ information security compliance

Information and Computer Security ◽

10.1108/ics-06-2021-0073 ◽

2021 ◽

Vol ahead-of-print (ahead-of-print) ◽

Author(s):

Martin Karlsson ◽

Fredrik Karlsson ◽

Joachim Åström ◽

Thomas Denk

Keyword(s):

Organizational Culture ◽

Information Security ◽

Security Policy ◽

Organizational Cultures ◽

Policy Compliance ◽

Information Security Policy ◽

Content Type ◽

Security Compliance ◽

Information Security Policy Compliance ◽

Security Policy Compliance

Purpose This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers. Design/methodology/approach The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy. Findings The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance. Research limitations/implications The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance. Practical implications Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite an internal focus, that may have negative ramifications for the information security of organizations. Originality/value Few information security policy compliance studies exist on the consequences of different organizational/information cultures.

Download Full-text

Factors Affecting Hotel Organizational Members` Compliance Intention with Information Security Policy : Focusing on Goal Setting Theory and Motivation Theory

The e-Business Studies ◽

10.20462/tebs.2017.02.18.1.3 ◽

2017 ◽

Vol 18 (1) ◽

pp. 3-18

Author(s):

Sung Soo Kim

Keyword(s):

Information Security ◽

Goal Setting ◽

Security Policy ◽

Motivation Theory ◽

Information Security Policy ◽

Factors Affecting ◽

Goal Setting Theory ◽

Setting Theory

Download Full-text

Protecting intellectual property from insider threats

Journal of Intellectual Capital ◽

10.1108/jic-05-2019-0096 ◽

2019 ◽

Vol 21 (2) ◽

pp. 181-202

Author(s):

Hyungjin Lukas Kim ◽

Anat Hovav ◽

Jinyoung Han

Keyword(s):

Problem Solving ◽

Information Security ◽

Security Policy ◽

Structural Equation ◽

Equation Modeling ◽

Problem Solving Skills ◽

Content Type ◽

Positive Effects ◽

Theory Of Information ◽

Protecting Intellectual Property

Purpose The purpose of this paper is to propose a theory of information security intelligence and examine the effects of managers’ information security intelligence (MISI) on employees’ procedural countermeasure awareness and information security policy (ISP) compliance intention. Design/methodology/approach A survey approach and structural equation modeling is utilized. Partial least squares (WarpPLS 6.0) and nonlinear algorithm are employed to analyze and examine the hypotheses. In total, 324 employees from companies in South Korea participated in the survey, which was conducted by a professional survey service company. Findings MISI positively affects employees’ awareness of information security procedural countermeasures; information security knowledge and problem-solving skills have positive effects on procedural countermeasures awareness; MISI increases employees’ compliance intention through procedural countermeasure awareness; and information security procedural countermeasures positively affect employees’ ISP compliance intention. Research limitations/implications This study proposes a theory of information security intelligence and examines its impacts on employees’ compliance intentions. The study highlights the mediating role of information security procedural countermeasures between information security intelligence and employees’ compliance intentions. Practical implications Managers should improve and explicitly demonstrate information security knowledge and problem-solving skills to increase employees’ ISP compliance intention. To protect the organization’s intellectual capital, managers should champion the development and promotion of PCM, rather than leave these functions to the information security group. Originality/value This is the first empirical study to propose and validate MISI.

Download Full-text

Information security management and the human aspect in organizations

Information and Computer Security ◽

10.1108/ics-07-2016-0054 ◽

2017 ◽

Vol 25 (5) ◽

pp. 494-534 ◽

Cited By ~ 14

Author(s):

Harrison Stewart ◽

Jan Jürjens

Keyword(s):

Information Security ◽

Security Management ◽

Security Requirements ◽

It Security ◽

Security Risk ◽

Information Security Management ◽

Content Type ◽

Positive Effects ◽

Industrial Sectors ◽

Security Compliance

Purpose The aim of this study is to encourage management boards to recognize that employees play a major role in the management of information security. Thus, these issues need to be addressed efficiently, especially in organizations in which data are a valuable asset. Design/methodology/approach Before developing the instrument for the survey, first, effective measurement built upon existing literature review was identified and developed and the survey questionnaires were set according to past studies and the findings based on qualitative analyses. Data were collected by using cross-sectional questionnaire and a Likert scale, whereby each question was related to an item as in the work of Witherspoon et al. (2013). Data analysis was done using the SPSS.3B. Findings Based on the results from three surveys and findings, a principle of information security compliance practices was proposed based on the authors’ proposed nine-five-circle (NFC) principle that enhances information security management by identifying human conduct and IT security-related issues regarding the aspect of information security management. Furthermore, the authors’ principle has enabled closing the gap between technology and humans in this study by proving that the factors in the present study’s finding are interrelated and work together, rather than on their own. Research limitations/implications The main objective of this study was to address the lack of research evidence on what mobilizes and influences information security management development and implementation. This objective has been fulfilled by surveying, collecting and analyzing data and by giving an account of the attributes that hinder information security management. Accordingly, a major practical contribution of the present research is the empirical data it provides that enable obtaining a bigger picture and precise information about the real issues that cause information security management shortcomings. Practical implications In this sense, despite the fact that this study has limitations concerning the development of a diagnostic tool, it is obviously the main procedure for the measurements of a framework to assess information security compliance policies in the organizations surveyed. Social implications The present study’s discoveries recommend in actuality that using flexible tools that can be scoped to meet individual organizational needs have positive effects on the implementation of information security management policies within an organization. Accordingly, the research proposes that organizations should forsake the oversimplified generalized guidelines that neglect the verification of the difference in information security requirements in various organizations. Instead, they should focus on the issue of how to sustain and enhance their organization’s compliance through a dynamic compliance process that involves awareness of the compliance regulation, controlling integration and closing gaps. Originality/value The rapid growth of information technology (IT) has created numerous business opportunities. At the same time, this growth has increased information security risk. IT security risk is an important issue in industrial sectors, and in organizations that are innovating owing to globalization or changes in organizational culture. Previously, technology-associated risk assessments focused on various technology factors, but as of the early twenty-first century, the most important issue identified in technology risk studies is the human factor.

Download Full-text

Unveiling the factors affecting final electricity consumption: does the regional component matter?

International Journal of Energy Sector Management ◽

10.1108/ijesm-10-2017-0011 ◽

2018 ◽

Vol 12 (2) ◽

pp. 202-220 ◽

Cited By ~ 2

Author(s):

Djula Borozan ◽

Dubravka Pekanov Starcevic

Keyword(s):

Electricity Consumption ◽

Negative Effects ◽

Regional Effect ◽

Content Type ◽

Factors Affecting ◽

Positive Effects ◽

Regional Component ◽

Specific Factors ◽

Contextual Determinants ◽

Main Determinants

Purpose The purpose of this paper is to explore the developments in final electricity consumption, estimate the portions of changes that can be attributed to national, sectoral or regional factors, and to investigate determinants of the regional component (RC) in Croatia at the subnational level in the period 2001-2013. Design/methodology/approach In the first stage, the dynamic shift-share method is used to decompose final electricity consumption, and then, in the second stage, the panel population-averaged logit model is conducted to find the main determinants of the extracted RC. Findings The results show that both the sectoral factor and the regional factor are responsible for an increase in electricity consumption over the period considered, whereby the regional specificities had a larger impact in general. Thereby, the most developed regions, including the tourism-oriented ones, exhibited the largest average increase in electricity consumption mainly due to positive effects of the regional-specific factors, while the negative effects of these factors were mainly responsible for low average rates of changes in electricity consumption in less developed regions. Practical implications The results suggest that regional-specific energy conservation programs might be more effective in improving energy efficiency than the sector-oriented ones, as well as that socio-economic and contextual determinants matter when it comes to the probability of having a positive regional effect on the electricity consumption rate. Originality/value The paper investigated the determinants of the extracted RC which has not yet been addressed in the energy economics literature.

Download Full-text

Undesirable Effects of Goal Setting on Perceived Fairness, Commitment, and Unethical Behavior

Zeitschrift für Arbeits- und Organisationspsychologie A&O ◽

10.1026/0932-4089/a000267 ◽

2018 ◽

Vol 62 (2) ◽

pp. 97-107 ◽

Cited By ~ 2

Author(s):

Nina Keith

Keyword(s):

Goal Setting ◽

Unethical Behavior ◽

The United States ◽

Goal Commitment ◽

Management Technique ◽

Long Term Effects ◽

Perceived Fairness ◽

Negative Effects ◽

Positive Effects ◽

And Performance

Abstract. The positive effects of goal setting on motivation and performance are among the most established findings of industrial–organizational psychology. Accordingly, goal setting is a common management technique. Lately, however, potential negative effects of goal-setting, for example, on unethical behavior, are increasingly being discussed. This research replicates and extends a laboratory experiment conducted in the United States. In one of three goal conditions (do-your-best goals, consistently high goals, increasingly high goals), 101 participants worked on a search task in five rounds. Half of them (transparency yes/no) were informed at the outset about goal development. We did not find the expected effects on unethical behavior but medium-to-large effects on subjective variables: Perceived fairness of goals and goal commitment were least favorable in the increasing-goal condition, particularly in later goal rounds. Results indicate that when designing goal-setting interventions, organizations may consider potential undesirable long-term effects.

Download Full-text

Exploring privacy and trust for employee monitoring

Industrial Management & Data Systems ◽

10.1108/imds-07-2014-0197 ◽

2015 ◽

Vol 115 (1) ◽

pp. 88-106 ◽

Cited By ~ 19

Author(s):

Shuchih Ernest Chang ◽

Anne Yenching Liu ◽

Sungmin Lin

Keyword(s):

Organizational Culture ◽

Employee Performance ◽

Full Time ◽

Negative Effects ◽

Content Type ◽

Positive Effects ◽

Study Results ◽

Employee Monitoring ◽

Communication Privacy ◽

The Relationship

Purpose – The purpose of this paper is to evaluate privacy boundaries and explores employees’ reactions in employee monitoring. Design/methodology/approach – The research used the metaphor of boundary turbulence in the Communication Privacy Management (CPM) theory to demonstrate the psychological effect on employees. The model comprised organizational culture, CPM, trust, and employee performance in employee monitoring to further investigated the influence exerted by organizational culture and how employees viewed their trust within the organization when implementing employee monitoring. Variables were measured empirically by administrating questionnaires to full-time employees in organizations that currently practice employee monitoring. Findings – The findings showed that a control-oriented organizational culture raised communication privacy turbulence in CPM. The communication privacy turbulence in CPM mostly had negative effects on trust in employee monitoring policy, but not on trust in employee monitoring members. Both trust in employee monitoring policy and trust in employee monitoring members had positive effects on employee commitment and compliance to employee monitoring. Research limitations/implications – This research applied the CPM theory in workplace privacy to explore the relationship between employees’ privacy and trust. The results provide insights of why employees feel psychological resistance when they are forced to accept the practice of employee monitoring. In addition, this study explored the relationship between CPM and trust, and offer support and verification to prior studies. Practical implications – For practitioners, the findings help organizations to improve the performance of their employees and to design a more effective environment for employee monitoring. Originality/value – A research model was proposed to study the impacts of CPM on employee monitoring, after a broad survey on related researches. The validated model and its corresponding study results can be referenced by organization managers and decision makers to make favorable tactics for achieving their goals of implementing employee monitoring.

Download Full-text