Identifying HRM Practices for Improving Information Security Performance

This article focuses on identifying key human resource management (HRM) practices necessary for improving information security performance from the perspective of IT professionals. The Importance-Performance Map Analysis (IPMA) via SmartPLS 3.0 was employed and 232 samples were collected from information technology (IT) professionals in 43 organizations. The analysis identified information security training, background checks and monitoring as very important HRM practices that could improve the performance of organizational information security. In particular, the study found training on mobile devices security and malware; background checks and monitoring of potential, current and former employees as of high importance but with low performance. Thus, these key areas need to be improved with top priority. Conversely, the study found accountability and employee relations as being overly emphasized by the organisations. The findings raised some useful implications and information for HR and IT leaders to consider in future information security strategy.

Download Full-text

Identifying HRM Practices for Improving Information Security Performance

10.4018/978-1-6684-3873-2.ch024 ◽

2022 ◽

pp. 448-470

Author(s):

Peace Kumah ◽

Winfred Yaokumah ◽

Charles Buabeng-Andoh

Keyword(s):

Information Security ◽

Employee Relations ◽

It Professionals ◽

Background Checks ◽

Hrm Practices ◽

Organizational Information ◽

Low Performance ◽

Information Security Training ◽

Map Analysis ◽

Training Background

This article focuses on identifying key human resource management (HRM) practices necessary for improving information security performance from the perspective of IT professionals. The Importance-Performance Map Analysis (IPMA) via SmartPLS 3.0 was employed and 232 samples were collected from information technology (IT) professionals in 43 organizations. The analysis identified information security training, background checks and monitoring as very important HRM practices that could improve the performance of organizational information security. In particular, the study found training on mobile devices security and malware; background checks and monitoring of potential, current and former employees as of high importance but with low performance. Thus, these key areas need to be improved with top priority. Conversely, the study found accountability and employee relations as being overly emphasized by the organisations. The findings raised some useful implications and information for HR and IT leaders to consider in future information security strategy.

Download Full-text

The Role of Human Resource Management in Enhancing Organizational Information Systems Security

Handbook of Research on the Role of Human Factors in IT Project Management - Advances in IT Personnel and Project Management ◽

10.4018/978-1-7998-1279-1.ch018 ◽

2020 ◽

pp. 278-303

Author(s):

Peace Kumah

Keyword(s):

Information Systems ◽

Resource Management ◽

Human Resource Management ◽

Human Resource ◽

Employee Relations ◽

Information Systems Security ◽

Background Checks ◽

Systems Security ◽

Organizational Information

Emerging human resource management (HRM) practices are focusing on background checks, training and development, employer-employee relations, responsibility and accountability, and monitoring of information systems security resources. Information systems security ensures that appropriate resources and adequate skills exist in the organization to effectively manage information security projects. This chapter examined the role of HRM in enhancing organizational information systems security. Using importance-performance map analysis, the study found training, background checks, and monitoring as crucial HRM practices that could enhance organizational information systems security. Moreover, four indicators, consisting of training on mobile devices security; malware management; background checks; and monitoring of potential, current, and former employees recorded high importance but with rather low performance. Consequently, these indicators should be improved. On the contrary, the organizations placed excessive focus on responsibility, accountability, and employee relations.

Download Full-text

The Role of Human Resource Management in Enhancing Organizational Information Systems Security

10.4018/978-1-6684-3873-2.ch065 ◽

2022 ◽

pp. 1251-1277

Author(s):

Peace Kumah

Keyword(s):

Information Systems ◽

Resource Management ◽

Human Resource Management ◽

Human Resource ◽

Employee Relations ◽

Information Systems Security ◽

Background Checks ◽

Systems Security ◽

Organizational Information

Emerging human resource management (HRM) practices are focusing on background checks, training and development, employer-employee relations, responsibility and accountability, and monitoring of information systems security resources. Information systems security ensures that appropriate resources and adequate skills exist in the organization to effectively manage information security projects. This chapter examined the role of HRM in enhancing organizational information systems security. Using importance-performance map analysis, the study found training, background checks, and monitoring as crucial HRM practices that could enhance organizational information systems security. Moreover, four indicators, consisting of training on mobile devices security; malware management; background checks; and monitoring of potential, current, and former employees recorded high importance but with rather low performance. Consequently, these indicators should be improved. On the contrary, the organizations placed excessive focus on responsibility, accountability, and employee relations.

Download Full-text

Influencing factors of employees’ information systems security police compliance: An empirical research in China

E3S Web of Conferences ◽

10.1051/e3sconf/202021804032 ◽

2020 ◽

Vol 218 ◽

pp. 04032

Author(s):

Chongrui Liu ◽

Cong Wang ◽

Hongjie Wang ◽

Bo Niu

Keyword(s):

Information Systems ◽

Information Security ◽

Information Systems Security ◽

Perceived Severity ◽

Perceived Vulnerability ◽

Response Efficacy ◽

Systems Security ◽

Organizational Information ◽

Security Training ◽

Information Security Training

It is widely agreed that information systems security police compliance plays a pivotal role in safeguarding organizational information security. This study empirically investigated organizational and individual factors in predicting employees’ ISSP compliance. With a survey data of 525 civil servants in China, results showed that organizational information security training and information security climate were significantly related to employees’ ISSP compliance. Specifically, information security climate had stronger effect on ISSP compliance than information security training. Furthermore, it was found that employees’ perceived severity, perceived vulnerability and response efficacy were positively related to employees’ ISSP compliance. We discussed the key implications of our findings for managers and researchers.

Download Full-text

The Role of Human Resource Management in Enhancing Organizational Information Systems Security

10.4018/978-1-6684-3698-1.ch014 ◽

2022 ◽

pp. 300-325

Author(s):

Peace Kumah

Keyword(s):

Information Systems ◽

Resource Management ◽

Human Resource Management ◽

Human Resource ◽

Employee Relations ◽

Information Systems Security ◽

Background Checks ◽

Systems Security ◽

Organizational Information

Emerging human resource management (HRM) practices are focusing on background checks, training and development, employer-employee relations, responsibility and accountability, and monitoring of information systems security resources. Information systems security ensures that appropriate resources and adequate skills exist in the organization to effectively manage information security projects. This chapter examined the role of HRM in enhancing organizational information systems security. Using importance-performance map analysis, the study found training, background checks, and monitoring as crucial HRM practices that could enhance organizational information systems security. Moreover, four indicators, consisting of training on mobile devices security; malware management; background checks; and monitoring of potential, current, and former employees recorded high importance but with rather low performance. Consequently, these indicators should be improved. On the contrary, the organizations placed excessive focus on responsibility, accountability, and employee relations.

Download Full-text

Building a better password: The role of cognitive load in information security training

2009 IEEE International Conference on Intelligence and Security Informatics ◽

10.1109/isi.2009.5137281 ◽

2009 ◽

Cited By ~ 7

Author(s):

Ann-Marie Horcher ◽

Gurvirender P. Tejay

Keyword(s):

Information Security ◽

Cognitive Load ◽

Security Training ◽

Information Security Training

Download Full-text

Applying Protection Motivation Theory to Information Security Training for College Students

Journal of Information Privacy and Security ◽

10.1080/15536548.2013.10845672 ◽

2013 ◽

Vol 9 (1) ◽

pp. 47-67 ◽

Cited By ~ 18

Author(s):

Peter Meso ◽

Yi Ding ◽

Shuting Xu

Keyword(s):

College Students ◽

Information Security ◽

Protection Motivation Theory ◽

Protection Motivation ◽

Motivation Theory ◽

Security Training ◽

Information Security Training

Download Full-text

A Composite Framework for Behavioral Compliance with Information Security Policies

Journal of Organizational and End User Computing ◽

10.4018/joeuc.2013070103 ◽

2013 ◽

Vol 25 (3) ◽

pp. 32-51 ◽

Cited By ~ 9

Author(s):

Salvatore Aurigemma

Keyword(s):

Information Security ◽

Theory Of Planned Behavior ◽

Theoretical Framework ◽

Composite Model ◽

Security Policies ◽

Future Research ◽

Security Threats ◽

Behavioral Compliance ◽

Weakest Link ◽

Organizational Information

To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned behavior, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.

Download Full-text