Organizational power and information security rule compliance

Kolkowska, Ella; Dhillon, Gurpreet

doi:10.1016/j.cose.2012.07.001

Cited by 49 publications

(34 citation statements)

References 31 publications

(40 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Yet, it is not uncommon to observe end users veering off or deviating from basic moral standards and organizational expectations due to reasons such as thrill‐seeking, dissatisfaction, carelessness, and sheer ignorance , . Unfortunately, a worker who engages in a PROSCRIBED IS security behavior may continue to do so daily at work and so inadvertently put his or her organization at risk , . To effectively manage and control employees' nonmalicious IS security behaviors in the workplace, researchers need to have a clear and thorough understanding of the phenomenon.…”

Section: Background Informationmentioning

confidence: 99%

End user nonmalicious, counterproductive computer security behaviors: concept, development, and validation of an instrument

Ifinedo

2019

Security and Privacy

View full text Add to dashboard Cite

Employees' engagement in nonmalicious, counterproductive computer security behaviors (CCSB) poses a threat to organizations' information systems (IS) resources and assets. In order to understand CCSB, there is a need to propose theoretical foundations to research the phenomenon and to offer useful tools to help organizations assess such behaviors in their particular contexts. Relevant instruments that systematically measure or assess workers' participation in CCSB remain underdeveloped. This study proposes an instrument to assess engagement in CCSB. Confirmatory factor analysis confirmed three subscales of CCSB, that is, "careless use of IS resources," "procrastinating carrying out required IS actions," and "improper use of IS resources." The instrument's relevance to research and practice is discussed and directions for future research are outlined. KEYWORDScounterproductive security behavior, employee, end user, information security, non-malicious IS behavior, scale development, validation 1 Security Privacy. 2019;2:e66.wileyonlinelibrary.com/journal/spy2

show abstract

Section: Background Informationmentioning

confidence: 99%

End user nonmalicious, counterproductive computer security behaviors: concept, development, and validation of an instrument

Ifinedo

2019

Security and Privacy

View full text Add to dashboard Cite

show abstract

“…Consequently, questions about security failures in context need to address the relevance of security policies from the perspectives of professional stakeholders. In many cases, it has been found that professionals attempting to improve their effectiveness will work around security compliance or bypass security measures altogether (Albrechtsen, 2007;Koppel et al, 2015;Kolkowska and Dhillon, 2013). Sadok and Bednar (2016) conducted a survey involving 33 SMEs in the UK on their approach to information security risks.…”

Section: Understanding Deficiencies In Security Practicesmentioning

confidence: 99%

A socio-technical perspective to counter cyber-enabled industrial espionage

Sadok

Welch

Bednár

2019

Secur J

View full text Add to dashboard Cite

The ubiquitous digitization of information and the pervasive connectivity of work systems have inevitably facilitated cyber-enabled industrial espionage. Security failures explain most of cyber industrial espionage incidents, and insider threats represent a significant pattern in many case examples. Insiders can inadvertently or purposefully pose serious threats to organisations by facilitating access to or misuse of proprietary sensitive data. This paper argues that technical security solutions have rather limited scope to tackle this problem, and that a socio-technical approach has potential to provide a better means to address the challenge of preventing and responding to insider threats. Such an approach could bridge the gap between the design and implementation of security solutions and creation of an organizational culture that is security aware.

show abstract

“…Management commitment is an internalised organizational pressure that affects the behaviours of employees in complying with information security standards and policies. The visible participation, ongoing communication and championing of senior management stimulate employees' intentions towards information security compliance and encourage the adherence to information security standards and policies (Knapp et al, 2006;Kolkowska & Dhillon, 2012). Management commitment has a persuasive effect on employees' information security compliance.…”

Section: Management Commitmentmentioning

confidence: 99%

Information Security Compliance in Organizations: An Institutional Perspective

AlKalbani

Deng

Kam

et al. 2017

Data and Information Management

View full text Add to dashboard Cite

The increasing recognition of the importance of information security has created institutional pressures on organizations to comply with information security standards and policies for protecting their information. How such pressures influence information security compliance in organisations, however, is unclear. This paper presents an empirical study to investigate the impact of institutional pressures on information security compliance in organizations. With the use of structural equation modelling for analysing the data collected through an online survey, the study shows that coercive pressures, normative pressures, and mimetic pressures positively influence information security compliance in organizations. It reveals that the benefits of information security compliance motivate management to strengthen their commitments at information security compliance. Furthermore, the study finds out that social pressures do not have a significant impact on management commitments towards information security compliance. Theoretically this study contributes to the information security research by better understanding how institutional pressures can be used for enhancing information security compliance in organizations. Practically this study informs information security policy makers of the major institutional drivers for information security compliance.

show abstract

Organizational power and information security rule compliance

Cited by 49 publications

References 31 publications

End user nonmalicious, counterproductive computer security behaviors: concept, development, and validation of an instrument

End user nonmalicious, counterproductive computer security behaviors: concept, development, and validation of an instrument

A socio-technical perspective to counter cyber-enabled industrial espionage

Information Security Compliance in Organizations: An Institutional Perspective

Contact Info

Product

Resources

About