Work-related groups and information security policy compliance. (12th November 2018)
- Record Type:
- Journal Article
- Title:
- Work-related groups and information security policy compliance. (12th November 2018)
- Main Title:
- Work-related groups and information security policy compliance
- Authors:
- Sommestad, Teodor
- Abstract:
- Purpose: It is widely acknowledged that norms and culture influence decisions related to information security. The purpose of this paper is to investigate how work-related groups influence information security policy compliance intentions and to what extent this influence is captured by the Theory of Planned Behavior, an established model over individual decision-making. Design/methodology/approach: A multilevel model is used to test the influence of work-related groups using a cluster sample of responses from 2,291 employees from 203 worksites, 119 organizations, 6 industries and 38 professions. Findings: The results suggest that work-related groups influence individuals' decision-making in the manner in which contemporary theories of information security culture posit. However, the influence is weak to modest and overshadowed by individual perceptions that are straightforward to measure. Research limitations/implications: This paper is limited to one national culture and four types of work-related groups. However, the results suggest that the Theory of Planned Behavior captures most of the influence that work-related groups have on decision-making. Future research on security culture and similar phenomena should take this into account. Practical implications: Information security perceptions in work-related groups are diverse and information security decisions appear to be based on individual perceptions and priorities rather than groupthink or peer-pressure. Security management interventions may be more effective if they target individuals rather than groups. Originality/value: This paper tests some of the basic ideas related to information security culture and its influence on individuals' decision-making. …
- Is Part Of:
- Information and computer security. Volume 26:Number 5(2018)
- Journal:
- Information and computer security
- Issue:
- Volume 26:Number 5(2018)
- Issue Display:
- Volume 26, Issue 5 (2018)
- Year:
- 2018
- Volume:
- 26
- Issue:
- 5
- Issue Sort Value:
- 2018-0026-0005-0000
- Page Start:
- 533
- Page End:
- 550
- Publication Date:
- 2018-11-12
- Subjects:
- Organizational policy -- Compliance -- Theory of planned behavior -- Information security behavior -- Information security culture -- Obedience
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-08-2017-0054
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 8776.xml