Employees’ adherence to information security policies: An exploratory field study

Siponen, Mikko T.; Mahmood, Mo Adam; Pahnila, Seppo

doi:10.1016/j.im.2013.08.006

Cited by 382 publications

(303 citation statements)

References 13 publications

Supporting

Mentioning

288

Contrasting

Unclassified

Order By: Relevance

“…For example, people may have different opinions as to "how big a risk actually is" when it comes to security breaches or attacks. If the perceived risk of a security breach is low, one might not be as mindful to enact according to the security policies (Siponen et al, 2014). Other factors, such as benefit versus cost of compliance and work impediment, may lead people to diverge from compliance because the efforts of acting securely are considered too much of an inconvenience.…”

Section: Introductionmentioning

confidence: 99%

Gamification of Information Security Awareness and Training

Gjertsen

Gjære

Bartnes

et al. 2017

Proceedings of the 3rd International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Abstract:Security Awareness and Training (SAT) programs are commonly put in place to reduce risk related to insecure behaviour among employees. There are however studies questioning how effective SAT programs are in terms of improving end-user behaviours. In this context, we have explored the potential of applying the concept of gamification -i.e. using game mechanics -to increase motivation and learning outcomes. An interactive SAT prototype application was developed, based on interviews with security experts and a workshop with regular employees at two companies. The prototype was tested by employees in a second workshop. Our results indicate that gamification has potential for use in SAT programs, in terms of potential strengths in areas where current SAT efforts are believed to fail. There are however significant pitfalls one must avoid when designing such applications, and more research is needed on long-term effects of a gamified SAT application.

show abstract

Section: Introductionmentioning

confidence: 99%

Gamification of Information Security Awareness and Training

Gjertsen

Gjære

Bartnes

et al. 2017

Proceedings of the 3rd International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

show abstract

“…A vital conclusion from Ifinedo's (2012) research is that attitude towards compliance has the greatest effect on information security policy compliance. Similarly, Siponen et al (2014) claim that employees' perceived severity, vulnerability, selfefficacy, normative beliefs and attitude have a positive and significant impact on their intention to comply with information security policies and procedures. More recently, Sherif et al (2015) recommended five variables that could influence information security culture, namely, information security behavior, top management support, security education and awareness, the information security policy and information security acceptance.…”

Section: Problem Statementmentioning

confidence: 99%

Technology Of Trust: Safely In, Securely Out System (E-Siso)

Razak¹

2018

The European Proceedings of Social and Behavioural Sciences

View full text Add to dashboard Cite

Nowdays, integrity and trust is raised and expanded. In making sure that the system to be successful, these two elements are needed. It is the main task as a service provider to guarantee a system that is always free from any errors. Due to this reason, a system called SAFELY IN, SECURELY OUT SYSTEM (E-SISO) is created. E-SISO is a security system focusing on thumbprint method that is specially created for Immigration Department of Malaysia in convincing the public that they are "Doing It Right the First Time". E-SISO is concentrating into solving and diminishing any arise issues during the arresting procedures of PATI up to their releasing day. The main highlight of E-SISO is the promising process that resulted to zero error. This can only be done when the PATI (suspect or "OKT") is "Safely In" throughout the whole processes and they are "Securely Out" during releasing day without any complaints for any loss that covering the individuals and their belongings. There are lots of advantages and benefits of E-SISO from being paperless to guaranteeing software interoperability and meeting current standards. As for novelty factor, E-SISO will be the first to be implemented in Immigration Department of Malaysia which can be a model for generalization purposes to other public security departments.

show abstract

“…In the modern environment, information security is the most important and controversial subject among experts [1]. Applying different strategies, such as acting based on information security organisational procedures and policies [2], information security conscious care behaviour [3], sharing information security knowledge [4,5] and information security collaboration in organisations [6], have been acknowledged to be useful in decreasing the vulnerability of information security incidents in companies. A novel conceptual model is presented in this study that depicts how collaboration develops and reduces the risk of information security incidents in organisations.…”

Section: Introductionmentioning

confidence: 99%

Information security collaboration formation in organisations

Safa

Maple

Watson

et al. 2018

IET Information Security

View full text Add to dashboard Cite

Collaboration between employees in the domain of information security efficiently mitigates the effect of information security attacks on organisations. Collaboration means working together to do or to fulfil a shared goal, the target of which in this paper is the protection of the information assets in organisations. Information Security Collaboration (ISC) aims to aggregate the employees' contribution against information security threats. This study clarifies how ISC is to be developed and how it helps to reduce the effect of attacks. The socialisation of collaboration in the domain of information security applies two essential theories: Social Bond Theory (SBT) and the Theory of Planned Behaviour (TPB). The results of the data analysis revealed that personal norms, involvement, and commitment significantly influence the employees' attitude towards ISC intention. However, contrary to our expectation, attachment does not influence the attitude of employees towards ISC. In addition, attitudes towards ISC, perceived behavioural control, and personal norms significantly affect the intention towards ISC. The findings also show that the intention for ISC and organisational support positively influence ISC, but that trust does not significantly affect ISC behaviour.

show abstract

Employees’ adherence to information security policies: An exploratory field study

Cited by 382 publications

References 13 publications

Gamification of Information Security Awareness and Training

Gamification of Information Security Awareness and Training

Technology Of Trust: Safely In, Securely Out System (E-Siso)

Information security collaboration formation in organisations

Contact Info

Product

Resources

About