Work-related groups and information security policy compliance

Sommestad, Teodor

doi:10.1108/ics-08-2017-0054

Cited by 13 publications

(9 citation statements)

References 41 publications

(58 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The findings of this study indicate that organizational culture indeed does matter for information security compliance. While some earlier studies (Alarifi et al , 2012; McCoy et al , 2009; Goo et al , 2013; Lowry et al , 2013; Sommestad, 2018) have indicated the existence of a relationship between organizational culture and information security behavior, very little attention has been given to the question of how different types of organizational culture influences information security behavior differently (Karlsson et al , 2015). This study supplies important evidence that the type of organizational culture that characterizes an organization influences employees’ tendency to comply with information security policies.…”

Section: Discussionmentioning

confidence: 99%

“…The Karlsson et al (2015) study is one of the most recent and extensive reviews that made an effort to categorize the variety of topics covered in research. Karlsson et al (2015) concluded, based on a bottom-up classification of research papers, that a significant share of the conducted research has addressed the relationship between organizational culture and information security (Alarifi et al, 2012;McCoy et al, 2009;Goo et al, 2013;Lowry et al, 2013;Sommestad, 2018). Work in this category has set out to test the basic assumption that culture affects information security in organizations.…”

Section: Organizational Culture and Information Security Policy Compliancementioning

confidence: 99%

“…Similarly, D'Arcy and Greene (2014) found that information security culture had a significant positive relationship with employees’ security compliance intentions. Sommestad (2018) investigated whether variations in employees’ information security compliance could be explained by what work-related groups to which they belonged. Similarities within groups and variations between groups, Sommestad argues, could be evidence of an influence of culture on information security behavior.…”

Section: Conceptual Frameworkmentioning

confidence: 99%

See 2 more Smart Citations

The effect of perceived organizational culture on employees’ information security compliance

Karlsson

Åström

et al. 2021

ICS

View full text Add to dashboard Cite

Purpose This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers. Design/methodology/approach The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy. Findings The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regards to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance. Research limitations/implications The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance. Practical implications Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite an internal focus, that may have negative ramifications for the information security of organizations. Originality/value Few information security policy compliance studies exist on the consequences of different organizational/information cultures.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Organizational Culture and Information Security Policy Compliancementioning

confidence: 99%

Section: Conceptual Frameworkmentioning

confidence: 99%

See 1 more Smart Citation

The effect of perceived organizational culture on employees’ information security compliance

Karlsson

Åström

et al. 2021

ICS

View full text Add to dashboard Cite

show abstract

“…On the other hand, TPB was applied by Lee (2009) to understand customers' intention to use online banking. It was also applied by Sommestad (2018) to understand how work-related groups influence employees' intention towards information security policy compliance. Some studies extended these theories by merging them, adding new relevant factors, or merging other theories to understand how people protect themselves from being victimised by phishing attacks.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

To click or not to click the link: the factors influencing internet banking users’ intention in responding to phishing emails

Manoharan

Katuk

Hassan

et al. 2021

ICS

View full text Add to dashboard Cite

Purpose Despite internet banking’s popularity, there is a rise in phishing attacks related to online banking transactions. Phishing attacks involved the process of sending out electronic mails impersonating the valid banking institutions to their customers and demanding confidential data such as credential and transaction authorisation code. The purpose of this paper is to propose a theoretical model of individual and technological factors influencing Malaysian internet banking users’ intention in responding to malicious uniform resource locator (URL) in phishing email content. Design/methodology/approach It applied the protective motivation theory, the theories of reasoned action and planned behaviour, the habit theory and the trust theory to examine the factors influencing internet banking users’ intention to click URLs in phishing emails. The study identifies individual and technological factors with ten hypotheses. A total of 368 Malaysian respondents voluntarily participated in an online survey conducted in the first week of March 2021. The partial least squares method provided in SmartPLS-3 was used to model the data. Findings The results revealed that individual factors, namely, internet banking experience, understanding the phishing meaning, response cost, trust and perceived ability were the significant influencing factors of internet banking users’ intention to click the link in phishing emails. This study also suggested that technological factors were not relevant in describing the behavioural intention of internet banking users in clicking the links in phishing emails. Social implications The findings could contribute to Malaysian banking sectors and relevant government agencies in educating and increasing internet banking users’ awareness towards phishing emails. Originality/value The outcomes demonstrated the individual factors that influenced internet banking users’ intention in responding to phishing emails that are specific and relevant to Malaysia’s context.

show abstract

“…A number of studies have investigated what influences individuals' motivation for information security compliance. A recent study of 2,000 Swedish workers found, that the work group's influence on individuals' intention to comply with information security policy was weak to moderate (Sommestad, 2018). Individual perceptions had a stronger influence, and it was concluded that information security perceptions in work groups are diverse, and decisions appear to be based on individual perceptions rather than group processes.…”

Section: Introductionmentioning

confidence: 99%

The role of organizational and social factors for information security in a nuclear power industry

Gyllensten

Törner

2021

OCJ

View full text Add to dashboard Cite

PurposeThe aim of this study was to explore the organizational and social prerequisites for employees' participative and rule-compliant information security behaviour in Swedish nuclear power production and its related industry. These industries are high-risk activities that must be meticulously secured. Protecting the information security in the related organizations is an essential aspect of this.Design/methodology/approachIndividual in-depth interviews were conducted with 24 employees in two organizations within the nuclear power industry in Sweden.FindingsWe found that prerequisites for employees' participative and rule-compliant information security behaviour could be categorized into structural, social and individual aspects. Structural aspects included well-adapted rules, knowledge support and resources. Social aspects included a supportive organizational culture, collaboration and adequate resources, and individual aspects included individual responsibility.Originality/valueThe qualitative approach of the study provided comprehensive descriptions of the identified preconditions. The results may thus enable organizations to better promote conditions important for information security in a high-risk industry.

show abstract

Work-related groups and information security policy compliance

Cited by 13 publications

References 41 publications

The effect of perceived organizational culture on employees’ information security compliance

The effect of perceived organizational culture on employees’ information security compliance

To click or not to click the link: the factors influencing internet banking users’ intention in responding to phishing emails

The role of organizational and social factors for information security in a nuclear power industry

Contact Info

Product

Resources

About