Abstract: Organisations implement a variety of knowledge mechanisms such as information security education, training and awareness (SETA) programs and information security policies, to influence employees' secure behaviour. Despite increased efforts to provide information systems (IS) security knowledge to employees, data breaches and other security incidents resulting from insider behaviour continue. Recent IS security research, primarily grounded on assumptions of employees' rational assessment of numerous factors, has yielded inconsistent results. Challenging this paradigm, we model secure behaviour on security knowledge mechanisms, which focuses on the multidimensional nature of security knowledge breadth, depth and finesse to represent the full array of managerial levers. We further draw on construal level theory to conceptualise users' perceptual judgements of security messages. Two studies support our model, with the second building on the first. Study 1, an experiment with 312 participants, focused on validating the treatments. Study 2, a survey with 219 participants, validated the entire model. Results showed that our model has significantly more explanatory and predictive power than the orthodox paradigm. Our results have practical implications for optimising the organisation of knowledge mechanisms by emphasising the personal relevance of threats and defining the factors that lead to secure behaviour. We also contribute to the discourse on information security research and provide a template for integrating theories, thus opening new avenues for future research.
Semantic filters:
security compliance theory
Topics:
data security email phishing security policy IT security task complexity
Methods:
survey experiment Student's t-test parametric test survey design
Theories:
construal level theory security compliance theory
Promoting Information Security Policy Compliance – An Empirical Study
2020 | Americas Conference on Information Systems | Citations: 0
Authors: Li, Lei; Han, Meng
Abstract: Ensuring employees comply with the information security policy is an essential component of the security program in an organization. Grounded in action research and inspired by the Unified Model of Information Security Compliance (UMISPC) (Moody et al. 2018), we introduce a customizable framework to promote information security policy compliance and lay out a plan to empirically test the proposed framework in a large public university in the southeast of the US. The proposed framework can facilitate organizations to better understand their employees' non-compliance behaviors and create effective remediation actions. This research also validates the UMISPC in a university setting, which will contribute to the generalizability and refinement of the UMISPC model after the study is successfully carried out. The limitations and future directions of this project are also discussed.
Semantic filters:
security compliance theory
Topics:
information security policy compliance data security security policy IT security cybersecurity behavior