Why employees share information security advice? Exploring the contributing factors and structural patterns of security advice sharing in the workplace. (February 2017)
- Record Type:
- Journal Article
- Title:
- Why employees share information security advice? Exploring the contributing factors and structural patterns of security advice sharing in the workplace. (February 2017)
- Main Title:
- Why employees share information security advice? Exploring the contributing factors and structural patterns of security advice sharing in the workplace
- Authors:
- Dang-Pham, Duy
Pittayachawan, Siddhi
Bruno, Vince - Abstract:
- Abstract: As modern organisations are dealing with a growing amount of data and strategic information systems, the need to protect these vital assets becomes paramount. An emerging topic in behavioural security field is security advice sharing, which plays a crucial role in helping organisations develop people-centric security workplaces whereby the employees' information security awareness and personal accountability for security are fostered. This research employs social network analysis methods to explore why the employees are willing to share information security advice, as well as examines the structural patterns of this sharing network. We found favourable security attitude and engagement in daily activities have positive impacts on security advice sharing, whereas perceiving too much social pressure makes the employees deliberately refuse to share security advice. We also found security advice sharing is transitive and non-reciprocal, and there are a few dominant employees who control the flow of security advice. Practical recommendations about strategies to increase security advice sharing within the workplace are discussed, and by conducting this research we demonstrate the empirical adoption of social network analysis techniques in the behavioural security field. Highlights: We used ERGM to study the patterns and formation of security advice network. Positive security attitude and accountability increase sharing security advice. Employees who share security adviceAbstract: As modern organisations are dealing with a growing amount of data and strategic information systems, the need to protect these vital assets becomes paramount. An emerging topic in behavioural security field is security advice sharing, which plays a crucial role in helping organisations develop people-centric security workplaces whereby the employees' information security awareness and personal accountability for security are fostered. This research employs social network analysis methods to explore why the employees are willing to share information security advice, as well as examines the structural patterns of this sharing network. We found favourable security attitude and engagement in daily activities have positive impacts on security advice sharing, whereas perceiving too much social pressure makes the employees deliberately refuse to share security advice. We also found security advice sharing is transitive and non-reciprocal, and there are a few dominant employees who control the flow of security advice. Practical recommendations about strategies to increase security advice sharing within the workplace are discussed, and by conducting this research we demonstrate the empirical adoption of social network analysis techniques in the behavioural security field. Highlights: We used ERGM to study the patterns and formation of security advice network. Positive security attitude and accountability increase sharing security advice. Employees who share security advice also give troubleshooting & work advice. Employees seek security advice from colleagues whom they trust. Security advice network tends to be transitive and not reciprocal. … (more)
- Is Part Of:
- Computers in human behavior. Volume 67(2017)
- Journal:
- Computers in human behavior
- Issue:
- Volume 67(2017)
- Issue Display:
- Volume 67, Issue 2017 (2017)
- Year:
- 2017
- Volume:
- 67
- Issue:
- 2017
- Issue Sort Value:
- 2017-0067-2017-0000
- Page Start:
- 196
- Page End:
- 206
- Publication Date:
- 2017-02
- Subjects:
- Information security behaviour -- Information security management -- Knowledge sharing -- Social network analysis -- Exponential random graph modeling
Interactive computer systems -- Periodicals
Man-machine systems -- Periodicals
004.019 - Journal URLs:
- http://www.sciencedirect.com/science/journal/07475632 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.chb.2016.10.025 ↗
- Languages:
- English
- ISSNs:
- 0747-5632
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.921600
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 1166.xml