Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study

Puhakainen, Petri; Siponen, Mikko T.

doi:10.2307/25750704

Cited by 423 publications

(341 citation statements)

References 41 publications

Supporting

Mentioning

332

Contrasting

Order By: Relevance

“…It was pointed out in the first workshop that content which did not appear relevant to the work of the individual employee only had a demotivating effect. Based on the conclusions of Puhakainen and Siponen (2010), and recommendations from NIST (2003), together with opinions collected from the interviews, a successful SAT application needs both to take into account are previous knowledge, and to adapt the con-tent to fit job roles and responsibilities. The intuition is that gamification in itself cannot explicitly simplify the process of delivering the right content to the right people.…”

Section: Personalisation and Freedommentioning

confidence: 99%

Gamification of Information Security Awareness and Training

Gjertsen

Gjære

Bartnes

et al. 2017

Proceedings of the 3rd International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

Abstract:Security Awareness and Training (SAT) programs are commonly put in place to reduce risk related to insecure behaviour among employees. There are however studies questioning how effective SAT programs are in terms of improving end-user behaviours. In this context, we have explored the potential of applying the concept of gamification -i.e. using game mechanics -to increase motivation and learning outcomes. An interactive SAT prototype application was developed, based on interviews with security experts and a workshop with regular employees at two companies. The prototype was tested by employees in a second workshop. Our results indicate that gamification has potential for use in SAT programs, in terms of potential strengths in areas where current SAT efforts are believed to fail. There are however significant pitfalls one must avoid when designing such applications, and more research is needed on long-term effects of a gamified SAT application.

show abstract

Section: Personalisation and Freedommentioning

confidence: 99%

Gamification of Information Security Awareness and Training

Gjertsen

Gjære

Bartnes

et al. 2017

Proceedings of the 3rd International Conference on Information Systems Security and Privacy

View full text Add to dashboard Cite

show abstract

“…It is also an "insiderthreat" where there is strong non-compliance behavior of employees related to the information security policies [26]. "If users do not comply with ISsec policies, ISsec measures lose their efficacy" [27]. Furthermore, Shadow IT has an important dual-use context [28], [29], [30] where its use can have positive and negative consequences.…”

Section: Shadow Itmentioning

confidence: 99%

Influence of Shadow IT on Innovation in Organizations

Silic

Oblakovic

2016

CSIMQ

View full text Add to dashboard Cite

Abstract. Shadow IT is relatively new and emerging phenomenon which is bringing number of concerns and risks to the organizational security. Past literature has mostly explored the "negative" effects of the Shadow IT phenomenon, including, for example, the security aspect where Shadow systems are said to undermine the official systems and endanger organizational data flows. However, the question of how Shadow IT can contribute to leverage user's innovation has not been adequately addressed. We used three methods to understand if Shadow IT can be an important source of innovation for firms: 1) Single case study with international firm that adopted Shadow IT; 2) Interviews with 15 IT executives and 3) Focus group using twitter as enabling tool to interact with 65 IT professionals. We offer a new perspective on how Shadow IT practices can leverage user's innovation. The study offers novel insights on the role of Shadow users in the organizational innovation process and how they contribute to new innovations by using Shadow IT. Not only this user led innovation through Shadow IT brings positive outcomes for the employee, but it also reveals the path to follow for organizations to increase their innovation capabilities.

show abstract

“…Unsecure employee behaviors are a major contributor to the breach of employee data, and researchers have proposed several interventions, such as security training (Puhakainen & Siponen, 2010), to increase employees' secure behaviors. However, many employees continue to engage in unsecure security practices.…”

Section: Overview Of Papersmentioning

confidence: 99%

The Importance of the Interface between Humans and Computers on the Effectiveness of eHRM

Johnson¹,

Lukaszewski²,

Stone³

2017

THCI

View full text Add to dashboard Cite

Abstract:Technology has had a dramatic impact on the practice of human resources, and its impact is rapidly increasing. Even so, little research has examined how to apply information systems and human-computer interaction principles to designing human resource information systems. In this paper, we focus more closely on the role that the interface between the computer and human play in the success of electronic human resource management. Specifically, we a) briefly review the individual requirements of several eHRM functions (e.g., e-recruiting, e-selection, e-learning, ecompensation/benefits), b) consider how an understanding of human computer interaction can facilitate the success of these systems, c) reviews research on technical issues associated with eHRM, and d) highlight how applying HCI principles can increase their effectiveness. In addition, we introduce the remaining seven papers in the special issue.

show abstract

Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study

Cited by 423 publications

References 41 publications

Gamification of Information Security Awareness and Training

Gamification of Information Security Awareness and Training

Influence of Shadow IT on Innovation in Organizations

The Importance of the Interface between Humans and Computers on the Effectiveness of eHRM

Contact Info

Product

Resources

About