A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate

Goo, Jahyun; Yim, Myung-Seong; Kim, Dan J.

doi:10.1109/tpc.2014.2374011

Cited by 61 publications

(53 citation statements)

References 118 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Organizations are challenged to make information security an everyday practice [10], however, it is often the case that organizations are led by thought "business first, then security" [11] due to perception among employees that security is just on the way and hampers the ability of employees to accomplish tasks [8], [12]. This results with viewing information security as a burden and not wanting to spend money on it [13] and, because of this, organizations often do nothing about security as long as everything is fine, but when things go wrong, they suddenly pay attention, but then one must make much more to recover from an unwanted situation, and complete recovery is sometimes impossible [8].…”

Section: Information Security In Organizationsmentioning

confidence: 99%

“…Giving the above mentioned, some of the key success factors in implementing, accepting or managing information security in organizations found in the literature are: senior management support [2], [7], [8], [9], [36], [24], [12], [33], [19], [35], [13], [37], [26], defined security policy [8], [7], [9], [36], [24], [12], [19], [35], [38], [37], [26], education, training and awareness [7], [8], [9], [36], [24], [12], [33], [19], [35], [2], [13], [38], [37], [39], [26], defined roles and responsibilities [7], [9], [10], information security and business alignment [24], [33], [13], information security culture [10], [24],…”

Section: Information Systems Security Successmentioning

confidence: 99%

“…Numerous researches show that management support is a key factor for success in adopting information security in organizations [33], [43], [30]. This support can highlight information security as an important function at the organizational level in many ways, including financing information security awareness education and training, human and financial resources allocation or promoting the importance of security for other employees within the organization [12], [33]. Without the support and involvement of senior management, the creation, training and implementation of security policies are generally not taken seriously [8], [9].…”

Section: Management Supportmentioning

confidence: 99%

See 2 more Smart Citations

Key Success Factors of Information Systems Security

Arbanas

Hrustek

2019

JIOS

View full text Add to dashboard Cite

The issue of information systems security, and thus information as key resource in today's information society, is something that all organizations in all sectors face in one way or another. To ensure that information remain secure, many organizations have implemented a continuous, structured and systematic security approach to manage and protect an organization's information from undermining individuals by establishing security policies, processes, procedures, and information security organizational structures. However, despite this, security threats, incidents, vulnerabilities and risks are still raging in many organizations. One of the main causes of this problem is poor understanding of information systems security key success factors. Identifying and understanding of information security key success factors can help organizations to manage how to focus limited resources on those elements that really impact on success, therefore saving time and money and creating added value and further enabling operational business. This research, based on comprehensive literature review, summarizes most cited key success factors of information systems security identified in scientific articles indexed in relevant databases, of which the top three success factors were management support, information security policy and information security education, training and awareness. At the end, article states identified research gaps and provides readers with possible directions for further researches. those from the organizational or sociological aspect, since even the best security technology cannot stop the social engineering based attack [1]. One of the first and the foremost challenges faced by information security executives is to successfully balance the need to protect information assets on the one hand and enable operational operations on the other, because over-strict protection can lead to business performance barriers while loose controls can create unacceptable risks for information assets [3]. A modern view of information security requires that an effective information security strategy must be balanced, i.e. designing and implementing security solutions should emphasize the importance of technology, but also the socio-organizational context within the organization [3] and observe information security also as business and social question, not just technical [3], [2].National Institute of Standards and Technology (NIST) [4] defines information security as "the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability"; information systems security as "the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users, including those measures necessary to detect, document, and counter such threats" and cyber security as "the ability to protect or defend...

show abstract

Section: Information Security In Organizationsmentioning

confidence: 99%

Section: Information Systems Security Successmentioning

confidence: 99%

Section: Management Supportmentioning

confidence: 99%

See 1 more Smart Citation

Key Success Factors of Information Systems Security

Arbanas

Hrustek

2019

JIOS

View full text Add to dashboard Cite

show abstract

“…Trained security champions are end-users who possess domain-specific security knowledge and can provide timely and accessible assistance to other users within a department. Prior studies have found the availability of information security resources has a positive impact on security compliance (Chan et al 2005, Goo et al 2014. While many organisations …”

Section: Improving Risk Communications Between Information Security Smentioning

confidence: 99%

“…A majority of prior researches in the field have explored the motivation for security compliance, which consists of a wide range of internal and external factors to an individual. Internal factors can be for example, self-efficacy (Dang- , Johnston and Warkentin 2010, Rhee et al 2009) or security goal orientations (Pham and Nkhoma 2015), while external factors come from sanctions and rewards (D'Arcy et al 2014, Herath andRao 2009a) , security culture (Ruighaver et al 2007) and climate (Goo et al 2014, as well as security demands and resources , Pham et al 2016). …”

Section: Introductionmentioning

confidence: 99%

Information Security and People: A Conundrum for Compliance

Pham

Dang-Pham

Brennan

et al. 2017

AJIS

View full text Add to dashboard Cite

This evaluation of end-users and IT experts/managers' attitudes towards performing IT security tasks indicates important differences between their perspectives on what is and is not necessary to establish a secure corporate IT environment. Through a series of case studies, this research illustrates that making it easier for end-users to comply does not necessarily equate to enhanced implementation of security measures. End-users want to be autonomous, competent, self-motivated and active participants in the development of secure environments. However, managers and experts want to limit autonomy to ensure that procedures are followed closely, rather than permitting flexibility. This results in the creation of environments that are intrinsically de-motivating rather than motivating end-users to become self-determined and self-regulating co-creators of a secure IT environment. The paper also discusses alternative approaches to developing a human system that works for end-users and experts.

show abstract

Cyber Security Control Systems for Operational Technology

Sriram

2024

Industrial Control Systems

View full text Add to dashboard Cite

A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate

Cited by 61 publications

References 118 publications

Key Success Factors of Information Systems Security

Key Success Factors of Information Systems Security

Information Security and People: A Conundrum for Compliance

Cyber Security Control Systems for Operational Technology

Contact Info

Product

Resources

About