Examination of the Factors that Influence Teleworkers' Willingness to Comply with Information Security Guidelines

Godlove, Timothy

doi:10.1080/19393555.2012.668747

Cited by 4 publications

(4 citation statements)

References 41 publications

(125 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The findings of this study differ from those in the organizational domain where expectations may be very explicit, and where the "significant others" include authority figures as opposed to just friends and family. Godlove (2012) noted that direct supervisors were more important determinants of the effect of subjective norm on security intentions than peers, and in the personal computing domain there are no formal supervisors.…”

Section: Discussionmentioning

confidence: 99%

“Security begins at home”: Determinants of home computer and mobile device security behavior

Thompson

McGill

Wang

2017

Computers & Security

123

View full text Add to dashboard Cite

He holds MSc and PhD degrees and works in the area of Computer Security and Information Systems. His research interests include affective computing, human-computer interaction and information security. Xuequn (Alex) Wang is a Lecturer in Murdoch University. He received his Ph.D. in Information Systems from Washington State University. His research interests include knowledge management, online communities, and idea generation. His research has appeared (or is forthcoming) in Communications of the

show abstract

Section: Discussionmentioning

confidence: 99%

“Security begins at home”: Determinants of home computer and mobile device security behavior

Thompson

McGill

Wang

2017

Computers & Security

123

View full text Add to dashboard Cite

show abstract

“…Personal attitudes about security are formative in the motivation for and engagement in pro-security behaviors consistent with ISP requirements (Bulgurcu et al , 2010; Goodlove, 2011). It has long been known that cybersecurity regimes that rely on technical controls, alone, are inadequate to protect firms (Pedayachee, 2012), and to this end, it is our expectation that an important role for “consultative IS auditors” (Steinbart et al , 2013) is to identify and remediate both platform-based and implementation-based CyberComplacency in the firm.…”

Section: Case Of the Cybercomplacent Technology Usermentioning

confidence: 99%

The role of internal audit and user training in information security policy compliance

Stafford

Deitz

2018

MAJ

View full text Add to dashboard Cite

Purpose The purpose of the study is to investigate the role of information security policy compliance and the role of information systems auditing in identifying non-compliance in the workplace, with specific focus on the role of non-malicious insiders who unknowingly or innocuously thwart corporate information security (IS) directives by engaging in unsafe computing practices. The ameliorative effects of auditor-identified training and motivational programs to emphasize pro-security behaviors are explored. Design/methodology/approach This study applies qualitative case analysis of technology user security perceptions combined with interpretive analysis of depth interviews with auditors to examine and explain the rubrics of non-malicious technology user behaviors in violation of cybersecurity directives, to determine the ways in which auditors can best assist management in overcoming the problems associated with security complacency among users. Findings Enterprise risk management benefits from audits that identify technology users who either feel invulnerable to cyber threats and exploits or feel that workplace exigencies augur for expedient workarounds of formal cybersecurity policies. Research limitations/implications Implications for consideration of CyberComplacency and Cybersecurity Loafing expand the insider threat perspective beyond the traditional malicious insider perspective. Practical implications Implications for consideration of CyberComplacency and Cybersecurity Loafing include broadened perspectives for the consultative role of IS audit in the firm. Social implications CyberComplacency is a practice that has great potential for harm in all walks of life. A better understanding of these potential harms is beneficial. Originality/value This study is the first to characterize CyberComplacency as computer users who feel they operate invulnerable platforms and are subsequently motivated to engage in less cybersecurity diligence than the company would desire. This study is also the first to characterize the notion of Cybersecurity Loafing to describe technically competent workers who take unauthorized but expedient steps around certain security polices in the name of workgroup efficiency.

show abstract

“…Five of the articles (Dauda, Santhapparaj, Asirvatham, & Raman, 2007;Godlove, 2012;Hidayanto,Saifulhaq,&Handayani,2012;Mussa&Cohen,2013;Saeri,Ogilvie,LaMacchia,Smith, &Louis,2014)didnotincludedescriptionand7 (Bulgurcu,Cavusoglu,&Benbasat,2009;Cox, 2012;Dauda,Santhapparaj,Asirvatham,&Raman,2007;Hidayanto,Saifulhaq,&Handayani,2012;Liao,Luo,Gurung,&Li,2009;Saeri,Ogilvie,LaMacchia,Smith,&Louis,2014;Zhang,Reithel, &Li,2009)didnotincludemeasuresforattitude.Theremainingarticleswereanalyzedforthemost commonlyusedattitudedefinitionandmeasures.…”

Section: Methodsmentioning

confidence: 99%

A Common Description and Measures for Attitude in Information Security for Organizations

Etezady

2019

International Journal of Cyber Research and Education

View full text Add to dashboard Cite

Understanding employee's security behavior is required before effective security policies and training materials can be developed. The Anti-virus software, secure systems design methods, information management standards, and information systems security policies; which have been developed and implemented by many organizations; have not been successfully adopted. Information systems research is encompassing social aspects of systems research more and more in order to explain user behavior and improve technology acceptance. Theory of planned behavior (TPB) based on attitude, subjective norm, and perceived behavioral control constructs, considers intentions as cognitive antecedents of actions or behavior. This study reviews various research on attitude and finds the most common measures for attitude, which can be used in organizations to develop a method to influence employees' attitude positively with the goal of inducing positive security behavior. Further, a conceptual model for operationalizing the obtained measures for enhancing information security in organizations is presented.

show abstract

Examination of the Factors that Influence Teleworkers' Willingness to Comply with Information Security Guidelines

Cited by 4 publications

References 41 publications

“Security begins at home”: Determinants of home computer and mobile device security behavior

“Security begins at home”: Determinants of home computer and mobile device security behavior

The role of internal audit and user training in information security policy compliance

A Common Description and Measures for Attitude in Information Security for Organizations

Contact Info

Product

Resources

About