Measuring employees’ compliance – the importance of value pluralism

Karlsson, Fredrik; Karlsson, Martin; Åström, Joachim

doi:10.1108/ics-11-2016-0084

Cited by 26 publications

(21 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Security behaviour provisions tend to imply that the decision-maker has resources available to complete training and policies, but in an organization the decision-maker is busy with their paid job. To avoid 'decision fatigue' and the 'hassle factor' [8] of complying with security, we must consider the endowment effect -as also applies to security [35] -and acknowledge that for the busy decision-maker, doing security requires a loss to something else. This requires an institutional view to helping the decision-maker to negotiate where that cost will be borne from.…”

Section: Toward a Consistent Strategymentioning

confidence: 99%

See 1 more Smart Citation

You’ve Left Me No Choices: Security Economics to Inform Behaviour Intervention Support in Organizations

Demjaha

Parkin

Pym

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Security policy-makers (influencers) in an organization set security policies that embody intended behaviours for employees (as decision-makers) to follow. Decision-makers then face choices, where this is not simply a binary decision of whether to comply or not, but also how to approach compliance and secure working alongside other workplace pressures, and limited resources for identifying optimal securityrelated choices. Conflict arises due to information asymmetries present in the relationship, where influencers and decision-makers both consider costs, gains, and losses in ways which are not necessarily aligned. With the need to promote 'good enough' decisions about security-related behaviours under such constraints, we hypothesize that actions to resolve this misalignment can benefit from constructs from both neoclassical economics and behavioural economics. Here we demonstrate how current approaches to security behaviour provisioning in organizations mirror rational-agent economics, even where behavioural economics is embodied in the promotion of individual security behaviours. We develop and present a framework to accommodate bounded security decision-making, within an ongoing programme of behaviours which must be provisioned for and supported. We also point to applications of the framework in negotiating sustainable security behaviours, such as policy concordance and just security cultures.

show abstract

Section: Toward a Consistent Strategymentioning

confidence: 99%

“…A 'security diet' would document perceived occurrence and costs of advocated behaviours (for instance through a typical working day). Questions can then be asked to reconcile these costs with expected behaviour elsewhere in the organization [35], to determine if time for security tasks is being taken from elsewhere.…”

Section: A Security Dietmentioning

confidence: 99%

You’ve Left Me No Choices: Security Economics to Inform Behaviour Intervention Support in Organizations

Demjaha

Parkin

Pym

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…However, policies that do not consider irregular work situations are also likely to motivate employees to engage in non-compliance behaviors. According to Karisson et al (2017), respondents who perceived conflicts between information security and other organizational values in their work were less likely to comply with ISP in the context of such conflicts. For example, when out of their offices, employees may decide to share their passwords with their colleagues if they feel that doing so is the only way to accomplish a particular task (e.g.…”

Section: Applying At To Non-compliance Contextsmentioning

confidence: 99%

“…Non-compliant behaviors are considered to be undesirable from an organizational standpoint (Bulgurcu et al , 2010; Myyry et al , 2009), and past research has recommended that sanctions need to be applied to deter them (Aurigemma and Mattson, 2017; D’Arcy and Herath, 2011; D’Arcy et al , 2009). Still, many employees tend to continue to engage in non-compliant behaviors (Vance et al , 2012), and often they do so to accomplish their tasks more efficiently (Karisson et al , 2017). For example, copying confidential data on an insecure USB can enable an employee to work extra hours from home (which is likely to benefit both the employee and the organization).…”

Section: Introductionmentioning

confidence: 99%

An activity theory approach to information security non-compliance

Khatib

Barki

2020

ICS

View full text Add to dashboard Cite

Purpose The purpose of this paper is to introduce activity theory (AT) as a new theoretical lens to the field of information security non-compliance by explaining how research in that field can benefit from AT and to suggest eight propositions for future research. Design/methodology/approach Based on AT, the paper suggests that employees, IT systems, task characteristics, information security policies (ISPs), community and division of labor can be viewed to form an ensemble that is labeled activity. Their characteristics and/or the relationships that exist between them in organizational contexts are hypothesized to influence non-compliance behaviors. Findings The paper suggests that AT provides a broad lens that can be useful for explaining a large variety of non-compliant behaviors related to information security. Research limitations/implications The paper focuses only on non-compliant behaviors that employees undertake with non-malicious intentions and offers avenues for future research based on the propositions that are developed in the paper. Originality/value The paper provides a useful step toward a better understanding of non-compliant ISP behaviors. In addition, it proposes and explains new research areas in the non-compliance field.

show abstract

“…Vacuum bagging use atmospheric pressure to hold laminate layers together. By this method it is possible to manufacture composites with high fiber content which translate into higher strength to weight ratios . In order to create structure based on given geometry necessary is, to make mold with exact shape, Figure .…”

Section: Manufacturementioning

confidence: 99%

Design and manufacture of umanned aerial vehicles (UAV) wing structure using composite materials

Grodzki

Łukaszewicz

2015

Materialwissenschaft Werkst

View full text Add to dashboard Cite

This paper presents possibilities of simulating composites materials in SolidWorks environment and selected aspects of the unmanned aerial vehicle (UAV) design and manufacturing process (real airplane model was used in Air Cargo Challenge 2013 competition). First part of article contains informations about types of composite materials, mechanical properties and their structures. UAV wing design process is presented as multistage task. Next part of manuscript includes numerical analysis which deals with two cases of composites structures: laminates and sandwich composites. Differences in values of displacement and principal stresses (P1, P3) were shown in considered structures based on equal boundary conditions. Final part of article deals with development of manufacture process.

show abstract

Measuring employees’ compliance – the importance of value pluralism

Cited by 26 publications

References 52 publications

You’ve Left Me No Choices: Security Economics to Inform Behaviour Intervention Support in Organizations

You’ve Left Me No Choices: Security Economics to Inform Behaviour Intervention Support in Organizations

An activity theory approach to information security non-compliance

Design and manufacture of umanned aerial vehicles (UAV) wing structure using composite materials

Contact Info

Product

Resources

About