scholarly journals Behavioral Information Security: Defining the Criterion Space

2021 ◽  
Author(s):  
Jeffrey Stanton ◽  
Cavinda Caldera ◽  
Ashley Isaac ◽  
Kathryn Stam ◽  
Slawomir Marcinkowski
Keyword(s):  
Information Security ◽  
Human Action ◽  
Information Security Behavior ◽  
Criterion Space ◽  
Security Behavior ◽  
Behavioral Domain ◽  
Antecedents And Consequences ◽  
Constructive Behavior ◽  
Behavioral Information Security ◽  
Behavioral Information

The success of information security appears to depend in part upon the effective behavior of the individuals involved in its use. Appropriate and constructive behavior by end users, system administrators, and others can enhance the effectiveness of information security while inappropriate and destructive behaviors can substantially inhibit its effectiveness. The present research focuses on “behavioral information security” which is defined as the complexes of human action that influence the availability, confidentiality, and integrity of information systems. Because research in this area is so new, in the present in study we focused on delineating and understanding the behavioral domain. Our goal for this study was to construct and test a taxonomy of information security behaviors. We expect that this knowledge can support later research efforts that focus on understanding the antecedents and consequences of information security behavior.

Investigating the Information Perception Value (IPV) Model in Maintaining the Information Security

2020 ◽  
pp. 499-524
Author(s):  
Sharul Tajuddin ◽  
Afzaal H. Seyal ◽  
Norfarrah Binti Muhamad Masdi ◽  
Nor Zainah H. Siau
Keyword(s):  
Data Analysis ◽  
Information Security ◽  
Social Values ◽  
Information Value ◽  
Information Security Behavior ◽  
Monetary Value ◽  
Security Environment ◽  
Brunei Darussalam ◽  
Security Behavior ◽  
Information Values

This pioneering study is conducted among 150 employees from various ministries of Brunei Darussalam regarding their perception in maintaining the information security and to validate the IPV model using linear regression data analysis techniques. The IPV model identifies the factors that affect the user's perception of information values and to further assess as how these perceptions of information value affect their behavior in information security environment. The results show that IPV model have significant predicting power the employees' behavior with more than half of the variance (59%) in information value is shared by these six contextual variables. However, four out of six antecedent variables monetary value, ministerial jurisdiction, spiritual, and social values are significantly predicting the information value. The study has significant impact both for the researchers and practitioners and will add value to the current repository of broad knowledge in information security behavior.

The Cultural Foundation of Information Security Behavior

2021 ◽  
pp. 522-545
Author(s):  
Canchu Lin ◽  
Anand S. Kunnathur ◽  
Long Li
Keyword(s):  
Organizational Culture ◽  
Information Security ◽  
Security Policy ◽  
Behavior Control ◽  
Policy Compliance ◽  
Information Security Policy ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Information Security Policy Compliance ◽  
Security Policy Compliance

Past behavior research overwhelmingly focused on information security policy compliance and under explored the role of organizational context in shaping information security behaviors. To address this research gap, this study integrated two threads of literature: organizational culture, and information security behavior control, and proposed a framework that integrates mid-range theories used in empirical research, connects them to organizational culture, and predicts its role in information security behavior control. Consistent with the cultural-fit perspective, this framework shows that information security policy compliance fits hierarchical culture and the approach of promoting positive, proactive, and emerging information security behaviors fits participative culture. Contributions and practical implications of this framework, together with future research directions, are discussed.

Future directions for behavioral information security research

2013 ◽  
Vol 32 ◽  
pp. 90-101 ◽  
Author(s):  
Robert E. Crossler ◽  
Allen C. Johnston ◽  
Paul Benjamin Lowry ◽  
Qing Hu ◽  
Merrill Warkentin ◽  
...  
Keyword(s):  
Information Security ◽  
Future Directions ◽  
Security Research ◽  
Behavioral Information Security ◽  
Behavioral Information

scholarly journals Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective

2020 ◽  
Vol 12 (8) ◽  
pp. 3163
Author(s):  
Amanda M. Y. Chu ◽  
Mike K. P. So
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Management ◽  
Information Security Management ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Different Types ◽  
Employee Information ◽  
Willingness To Report ◽  
Security Incidents

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

Sign in / Sign up

Export Citation Format

Share Document