Evaluation of the Effectiveness of Risk Assessment and Security Fatigue Visualization Model for Internal E-Crime

Hatashima, Takashi; Nagai, Keita; Kishi, Asami; Uekusa, Hikaru; Tanimoto, Shigeaki; Kanai, Atsushi; Fuji, Hitoshi; Ohkubo, Kazuhiko

doi:10.1109/compsac.2018.10323

Cited by 7 publications

(6 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This cost often results in what security experts might consider less secure online behaviour. Hatashima et al (2018) describe fatigue as a human experience when faced with multiple external actions to mitigate security risk.…”

Section: Security Complexity and Fatiguementioning

confidence: 99%

“…If countermeasures are implemented to reduce employees’ risky behaviours, this can lead to a vicious circle: security policies and procedures → employee fatigue → risky behaviour is displayed → additional policies and procedures, etc. (Hatashima et al , 2018). In the context of risk, Wilde (1982, 1998) proposed a homeostatic mechanism which predicts that individuals will weigh the expected benefits of risky behaviour against the costs and determine the level of risk they are willing to accept.…”

Section: Introductionmentioning

confidence: 99%

“…additional policies and procedures, etc. (Hatashima et al, 2018). In the context of risk, Wilde (1982Wilde ( , 1998 proposed a homeostatic mechanism which predicts that individuals will weigh the expected benefits of risky behaviour against the costs and determine the level of risk they are willing to accept.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Risk homeostasis and security fatigue: a case study of data specialists

Bhana

Ophoff

2023

ICS

View full text Add to dashboard Cite

Purpose Organisations use a variety of technical, formal and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees to manage security-related risks. The purpose of this research is to explore the homeostatic mechanism proposed by risk homeostasis theory (RHT), as well as security fatigue, in an organisational context. Design/methodology/approach A case study approach was used to investigate the topic, focusing on data specialists who regularly work with sensitive information assets. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. Findings A thematic analysis of the data revealed risk perceptions, behavioural adjustments and indicators of security fatigue. The findings provide examples of how these concepts manifest in practice and confirm the relevance of RHT in the security domain. Originality/value This research illuminates homeostatic mechanisms in an organisational security context. It also illustrates links with security fatigue and how this could further impact risk. Examples and indicators of security fatigue can assist organisations with risk management, creating “employee-friendly” policies and procedures, choosing appropriate technical security solutions and tailoring security education, training and awareness activities.

show abstract

Section: Security Complexity and Fatiguementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Risk homeostasis and security fatigue: a case study of data specialists

Bhana

Ophoff

2023

ICS

View full text Add to dashboard Cite

show abstract

“…In Fig. 2, the results of latent rank theory analysis based on a questionnaire survey show that the ideal group is the F2-Im2 group, which had a high degree of security measure implementation (value on the horizontal axis: Im2) and a moderately strained state of information security fatigue (value on the vertical axis: F2) [3]- [4].…”

Section: Information Security Condition Matrix: Establishment Of Information Security Fatigue Measurement Scalementioning

confidence: 99%

Information Security Fatigue Countermeasures Using Cognitive Strategy Scale Based on Web Questionnaires

Ogawa

Tanimoto

Hatashima

et al. 2021

IJNC

Self Cite

View full text Add to dashboard Cite

Information security measures have become increasingly important not only for companies but also for individuals in recent years. For this reason, many information security measures have been taken. However, if information security is overly complicated, ICT users may get overwhelmed. Although research on information security fatigue is being conducted, currently it is not enough. In particular, research from a psychological point of view is lacking. Examples of psychological measures include cognitive strategies that are classified as behavioral models. There are various cognitive strategies, but research into particular countermeasures against information security fatigue has not been sufficiently explored. In this work, we propose new measures based on psychological viewpoints. Specifically, these are information security fatigue countermeasures that introduce a cognitive strategy. We conducted a questionnaire survey on International Journal of Networking and Computing cognitive strategies and information security fatigue, analyzed the results, and classified them into 24 levels, consisting of six levels of the information security fatigue scale multiplied by four levels of cognitive strategies. Then, for each of these 24 levels, a new information security fatigue measure was proposed and evaluated on the basis of the free responses of the questionnaire survey. The results indicated that appropriate information security fatigue countermeasures according to human behavior patterns based on cognitive strategies and the information security fatigue scale are possible.

show abstract

“…If countermeasures are implemented to reduce employees' risky behaviours this can lead to a vicious circle: security policies and procedures → employee fatigue → risky behaviour is displayed → additional policies and procedures, etc. [10]. Wilde [18] suggests employees will weigh the expected benefits of risky behaviour against the costs and determine the level of risk they are willing to accept.…”

Section: Introductionmentioning

confidence: 99%

Security Fatigue: A Case Study of Data Specialists

Bhana

Ophoff

2022

Human Aspects of Information Security and Assurance

View full text Add to dashboard Cite

Due to the number of data breaches occurring worldwide there is increasing vigilance regarding information security. Organisations employ a variety of technical, formal, and informal security controls but also rely on employees to safeguard information assets. This relies heavily on compliance and constantly challenges employees with security-related tasks. Security compliance behaviour is a finite resource and when employees engage in cost-benefit analyses that extend tolerance thresholds, security fatigue may set in. Security fatigue has been described as a despondency and weariness to experience any further security tasks. This study used a case study approach to investigate employee security fatigue, focusing on data specialists. Primary data was collected through semi-structured interviews with 12 data specialists in a large financial services company. A thematic analysis of the data revealed several interlinked themes that evidence security fatigue. Awareness and understanding of these themes can help organisations to monitor for this and tailor security activities, such as security education, training, and awareness for increased effectiveness.

show abstract

Evaluation of the Effectiveness of Risk Assessment and Security Fatigue Visualization Model for Internal E-Crime

Cited by 7 publications

References 5 publications

Risk homeostasis and security fatigue: a case study of data specialists

Risk homeostasis and security fatigue: a case study of data specialists

Information Security Fatigue Countermeasures Using Cognitive Strategy Scale Based on Web Questionnaires

Security Fatigue: A Case Study of Data Specialists

Contact Info

Product

Resources

About