Behavioral Information Security Management

Warkentin, Merrill; Mutchler, Leigh A.

doi:10.1201/b16768-62

Cited by 3 publications

(3 citation statements)

References 74 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Behavioural InfoSec researchers may apply SNA methods to investigate the impacts of networks on various InfoSec perceptions and behaviours provided by theories in the field. The literature reviews conducted by Padayachee (2012), Sommestad et al (2014) and Warkentin and Mutchler (2014) have identified theoretical variables of prominent theories such as protection motivation theory (Rogers, 1975), theory of planned behaviour (Ajzen, 2011) and general deterrence theory (Straub & Welke, 1998); some of these variables have been consistently found to motivate InfoSec compliance and deter potential InfoSec violations. Researchers can perform SNA to evaluate the impacts of employees' interactions on the important drivers of InfoSec compliance, such as attitude toward InfoSec, subjective norms, perceptions of cyber-threats and severity of InfoSec sanctions.…”

Section: Methodological Contributions To Infosec Researchmentioning

confidence: 99%

Explaining the Development of Information Security Climate and an Information Security Support Network: A Longitudinal Social Network Analysis

Dang-Pham

Kautz²,

Pittayachawan³

et al. 2019

AJIS

View full text Add to dashboard Cite

Behavioural information security (InfoSec) research has studied InfoSec at workplaces through the employees’ perceptions of InfoSec climate, which is determined by observable InfoSec practices performed by their colleagues and direct supervisors. Prior studies have identified the antecedents of a positive InfoSec climate, in particular socialisation through the employees’ discussions of InfoSec-related matters to explain the formation of InfoSec climate based on the employees’ individual cognition. We conceptualise six forms of socialisation as six networks, which comprise employees’ provisions of (1) work advice, (2) organisational updates, (3) personal advice, (4) trust for expertise, (5) InfoSec advice, and (6) InfoSec troubleshooting support. The adoption of a longitudinal social network analysis (SNA), called stochastic actor-oriented modelling (SAOM), enabled us to analyse the changes in the socialising patterns and the InfoSec climate perceptions over time. Consequently, this analysis explains the forming mechanisms of the employees’ InfoSec climate perceptions as well as their socialising process in greater detail. Our findings in relation to the forming mechanisms of InfoSec-related socialisation and InfoSec climate, provide practical recommendations to improve organisational InfoSec. This includes identifying influential employees to diffuse InfoSec knowledge within a workplace. Additionally, this research proposes a novel approach for InfoSec behavioural research through the adoption of SNA methods to study InfoSec-related phenomena.

show abstract

Section: Methodological Contributions To Infosec Researchmentioning

confidence: 99%

Explaining the Development of Information Security Climate and an Information Security Support Network: A Longitudinal Social Network Analysis

Dang-Pham

Kautz²,

Pittayachawan³

et al. 2019

AJIS

View full text Add to dashboard Cite

show abstract

“…This construct intends to explain employees' perceptions concerning organisational measures set in place to harmonise productivity levels with essential Information Security Compliance efforts. At the base of the INT construct lies the pursuit of exploring the knowledge about how the collective endeavors and interactions within an organization mold and shape individual behavioral intentions geared towards compliance, as clearly stated in Warkentin and Mutchler (2022), as well in Duzenci et al (2023), and defined in the outline of perspective directions for research in Crossler et al (2013).…”

Section: Construct Intmentioning

confidence: 99%

Organizational Determinants and Compliance Behavior to Shape Information Security Plan

Cavallari

2023

Acad. J. Interdiscip. Stud.

View full text Add to dashboard Cite

In the advanced field of Information and Communication Technology (ICT) within modern corporate frameworks, the pressing issue of non-compliance becomes increasingly crucial. Achieving the ideal balance—where one fosters consistent employee commitment without resorting to overly harsh penalties for possible violations—presents a complex problem. Such a nuanced relationship calls for a synchronized coordination among the company’s underlying factors, the principles of the Information Security Plan (ISP), and overarching compliance mandates. As companies step into a period where digital environments are in constant flux, the importance of securing information systems rises to a critical level. Against this backdrop, compliance stands out as a vital component, functioning as a stringent safeguard in the ongoing mission to protect precious digital assets—a mission comprehensively detailed within the ISP. This in-depth academic study sets out to rigorously explore and scrutinize the diverse opinions and beliefs of committed employees and insightful management concerning unwavering company alignment with the ISP. This is accomplished by defining a construct that centers on key dimensions: Organizational Culture, Personal Attitudes, Actors, Behavioral Intentions, and Motivational Dynamics. Eleven Hypotheses are outlined and represent the materialisation of the model. This model form a starting point from which future empirical exploration will be able to take place, propelling us towards a deeper understanding of the phenomena under scrutiny. Received: 15 September 2023 / Accepted: 23 October 2023 / Published: 5 November 2023

show abstract

“…Technologies and controls surround and protect the organization's systems from external threats (Cavusoglu et al, 2009). Within the protective walls, employee actions represent potential threats that are often underestimated and at times overlooked (Warkentin and Mutchler, 2014). Because employees possess intimate knowledge of the organization's processes and have access rights to the organization's systems, they are uniquely capable of effecting harm to the organization through their actions (Im and Baskerville, 2005).…”

Section: Introductionmentioning

confidence: 99%

Response awareness and instructional self-efficacy: influences on intent

Mutchler

2019

ICS

View full text Add to dashboard Cite

Purpose This paper aims to examine the influence of response awareness on behavioral intent, and introduces instructional self-efficacy, a construct rarely examined within the context of information security (ISec). Design/methodology/approach A Web-based survey was conducted and a total of 211 valid responses were analyzed. The relationships among response awareness, instructional self-efficacy and behavioral intent were examined through a three-phase structural equation modeling analysis. Findings The results indicate that even at low levels, response awareness has a strong influential effect on the behavioral intent to perform the secure response and on the self-efficacy to instruct others to perform the response. Instructional self-efficacy was also found to be a significant predictor of behavioral intent to perform the response. Finally, evidence was found indicating instructional self-efficacy fully mediates the response awareness to the behavioral intent relationship. Research limitations/implications Because of the characteristics of the population, the focus on a single ISec response and the dependent variable of behavioral intent rather than actual behavior, the generalizability of the findings is impacted. Practical implications The results contribute to practice by confirming the importance of response awareness and of instructional self-efficacy within an ISec context. Specific implications include the indication that informal communications about ISec issues among peers should be encouraged and that instructional self-efficacy should be targeted within ISec awareness training programs. Originality/value This paper’s parsimonious model defined response awareness as vicarious experience with a response and presented instructional self-efficacy, a construct novel to ISec studies that was found to be a significant influence within the relationship between response awareness and behavioral intent.

show abstract

Behavioral Information Security Management

Cited by 3 publications

References 74 publications

Explaining the Development of Information Security Climate and an Information Security Support Network: A Longitudinal Social Network Analysis

Explaining the Development of Information Security Climate and an Information Security Support Network: A Longitudinal Social Network Analysis

Organizational Determinants and Compliance Behavior to Shape Information Security Plan

Response awareness and instructional self-efficacy: influences on intent

Contact Info

Product

Resources

About