scholarly journals Impact of digital nudging on information security behavior: an experimental study on framing and priming in cybersecurity

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Kavya Sharma ◽  
Xinhui Zhan ◽  
Fiona Fui-Hoon Nah ◽  
Keng Siau ◽  
Maggie X. Cheng
Keyword(s):  
Experimental Study ◽  
Information Security ◽  
Dual Process ◽  
Security Risks ◽  
Content Type ◽  
Perceived Severity ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Digital Nudging ◽  
The Impact

PurposePhishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses.Design/methodology/approachA 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming).FindingsThe findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link.Originality/valueThis research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.

The effects of moral disengagement and organizational ethical climate on insiders’ information security policy violation behavior

2019 ◽  
Vol 32 (4) ◽  
pp. 973-992 ◽  
Author(s):  
Hao Chen ◽  
Patrick Y.K. Chau ◽  
Wenli Li
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Moral Disengagement ◽  
Ethical Climate ◽  
Content Type ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Organizational Ethical Climate ◽  
The Relationship ◽  
Moderating Role

Purpose The purpose of this paper is to develop a model that integrates moral disengagement (MD) and organizational ethical climate (OEC) to understand information security policy (ISP) violation behavior in the workplace. This study extends prior work by identifying the moderating mechanisms of the ethical culture of OECs in the relationship between employees’ MD and ISP violation behavior intention. Design/methodology/approach By using scenario-based survey data from 433 employees in Chinese enterprises and by applying PLS-based structural equation modeling, the authors test a series of hypotheses. Findings Our empirical results highlight that the concept of MD has a significant effect on employees’ intention to violate ISPs. The authors also find that the OEC has a moderating role in the relationship between MD and ISP violation intention: the moderating role of law-and-rule-oriented OEC is significantly negative, but instrumentalism-oriented OEC positively moderates this relationship. Originality/value This study contributes to the literature on information security behavior by integrating two ethical theory frameworks MD and OECs into one theoretical model, and it calls attention to how ethical factors at the individual cognition level and organizational climate level work together to influence personal information security behavior. This study provides a new perspective of OEC from which to understand policy violation caused by moral self-regulation failure, and empirically explores its moderating role.

Work ethic and information security behavior

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Thiagarajan Ramakrishnan ◽  
Dwight M. Hite ◽  
Joseph H. Schuessler ◽  
Victor Prybutok
Keyword(s):  
Information Security ◽  
Work Ethic ◽  
Training Needs ◽  
Equation Modeling ◽  
Content Type ◽  
Data Breaches ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Employment Screening ◽  
New Hires

Purpose Information security is a growing issue that impacts organizations in virtually all industries, and data breaches impact millions of customers and cost organizations millions of dollars. Within the past several years alone, huge data breaches have been experienced by organizations such as Marriot, Equifax, eBay, JP Morgan Chase, Home Depot, Target and Yahoo, the latter of which impacted three billion users. This study aims to examine the utilization of pre-employment screening to identify potential hires that may require enhanced information security training to avoid such costs. Design/methodology/approach The authors hypothesize that an individual’s work ethic predicts a person’s information security behavior. The authors test this hypothesis using structural equation modeling with bootstrapping techniques. Findings Data analysis suggests that certain dimensions of work ethic do indeed predict information security posture, and thus, simple pre-employment screening techniques (i.e. questionnaires) can aid in identifying potential security threats. Practical implications The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires. Originality/value The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires.

Empirical assessment of mobile device users’ information security behavior towards data breach

2019 ◽  
Vol 21 (2) ◽  
pp. 215-233 ◽  
Author(s):  
Anthony Duke Giwah ◽  
Ling Wang ◽  
Yair Levy ◽  
Inkyoung Hur
Keyword(s):  
Information Security ◽  
Survey Data ◽  
Mobile Device ◽  
Equation Modeling ◽  
Mobile Users ◽  
Data Breach ◽  
Content Type ◽  
Information Security Behavior ◽  
Mobile Device Security ◽  
Security Behavior

Purpose The purpose of this paper is to investigate the information security behavior of mobile device users in the context of data breach. Much of the previous research done in user information security behavior have been in broad contexts, therefore creating needs of research that focuses on specific emerging technologies and trends such as mobile technology. Design/methodology/approach This study was an empirical study that gathered survey data from 390 mobile users. Delphi study and pilot study were conducted prior to the main survey study. Partial Least Square Structural Equation Modeling was used to analyze the survey data after conducting pre-analysis data screening. Findings This study shows that information security training programs must be designed by practitioners to target the mobile self-efficacy (MSE) of device users. It also reveals that practitioners must design mobile device management systems along with processes and procedures that guides users to take practical steps at protecting their devices. This study shows the high impact of MSE on users’ protection motivation (PM) to protect their mobile devices. Additionally, this study reveals that the PM of users influences their usage of mobile device security. Originality/value This study makes theoretical contributions to the existing information security literature. It confirms PM theory’s power to predict user behavior within the context of mobile device security usage. Additionally, this study investigates mobile users’ actual security usage. Thus, it goes beyond users’ intention.

The impact of information security initiatives on supply chain robustness and performance: an empirical study

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Sindhuja P.N.
Keyword(s):  
Supply Chain ◽  
Information Security ◽  
Supply Chains ◽  
Structural Equation ◽  
Essential Element ◽  
Equation Modeling ◽  
Content Type ◽  
And Performance ◽  
The Impact ◽  
Supply Chain Robustness

Purpose Information security is an essential element in all business activities. The damage to businesses from information security breaches has become pervasive. The scope of information security has widened as information has become a critical supply chain asset, making it more important to protect the organization’s data. Today’s global supply chains rely upon the speedy and robust dissemination of information among supply chain partners. Hence, processing of accurate supply chain information is quintessential to ensure the robustness and performance of supply chains. An effective information security management (ISM) is deemed to ensure the robustness of supply chains. The purpose of the paper is to examine the impact of information security initiatives on supply chain robustness and performance. Design/methodology/approach Based on extant literature, a research model was developed and validated using a questionnaire survey instrument administered among information systems/information technology managers. Data collected were analyzed using exploratory and confirmatory factor analysis. Further, to test the hypotheses and to fit the theoretical model, Structural equation modeling techniques were used. Findings Results of this study indicated that information security initiatives are positively associated with supply chain robustness and performance. These initiatives are likely to enhance the robustness and performance of the supply chains. Originality/value With the advancements in internet technologies and capabilities as well as considering the dynamic environment of supply chains, this study is relevant in terms of the capability that an organization needs to acquire with regards to ISM. Benefiting from the resource dependency theory, information security initiatives could be considered as a critical resource having an influence on the internal and external environment of supply chains.

Investigating the Information Perception Value (IPV) Model in Maintaining the Information Security

2020 ◽  
pp. 499-524
Author(s):  
Sharul Tajuddin ◽  
Afzaal H. Seyal ◽  
Norfarrah Binti Muhamad Masdi ◽  
Nor Zainah H. Siau
Keyword(s):  
Data Analysis ◽  
Information Security ◽  
Social Values ◽  
Information Value ◽  
Information Security Behavior ◽  
Monetary Value ◽  
Security Environment ◽  
Brunei Darussalam ◽  
Security Behavior ◽  
Information Values

This pioneering study is conducted among 150 employees from various ministries of Brunei Darussalam regarding their perception in maintaining the information security and to validate the IPV model using linear regression data analysis techniques. The IPV model identifies the factors that affect the user's perception of information values and to further assess as how these perceptions of information value affect their behavior in information security environment. The results show that IPV model have significant predicting power the employees' behavior with more than half of the variance (59%) in information value is shared by these six contextual variables. However, four out of six antecedent variables monetary value, ministerial jurisdiction, spiritual, and social values are significantly predicting the information value. The study has significant impact both for the researchers and practitioners and will add value to the current repository of broad knowledge in information security behavior.

The Cultural Foundation of Information Security Behavior

2021 ◽  
pp. 522-545
Author(s):  
Canchu Lin ◽  
Anand S. Kunnathur ◽  
Long Li
Keyword(s):  
Organizational Culture ◽  
Information Security ◽  
Security Policy ◽  
Behavior Control ◽  
Policy Compliance ◽  
Information Security Policy ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Information Security Policy Compliance ◽  
Security Policy Compliance

Past behavior research overwhelmingly focused on information security policy compliance and under explored the role of organizational context in shaping information security behaviors. To address this research gap, this study integrated two threads of literature: organizational culture, and information security behavior control, and proposed a framework that integrates mid-range theories used in empirical research, connects them to organizational culture, and predicts its role in information security behavior control. Consistent with the cultural-fit perspective, this framework shows that information security policy compliance fits hierarchical culture and the approach of promoting positive, proactive, and emerging information security behaviors fits participative culture. Contributions and practical implications of this framework, together with future research directions, are discussed.

Sign in / Sign up

Export Citation Format

Share Document