Information Security Cost Reduction Through Social Means

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 1166)

Abstract

As data breaches in mid-sized to large organizations become more frequent and more public, there is a need to focus less on technological solutions to information security management and more on sociological solutions. In this paper, cost-saving information security initiatives are identified and a framework is proposed for organizational and behavioral change in technical human resources, to better address information security concerns.

Author information

Correspondence to Sunthoshan G. Govender.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Govender, S.G., Kritzinger, E., Loock, M. (2020). Information Security Cost Reduction Through Social Means. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information and Cyber Security. ISSA 2019. Communications in Computer and Information Science, vol 1166. Springer, Cham. https://doi.org/10.1007/978-3-030-43276-8_1

  • DOI: https://doi.org/10.1007/978-3-030-43276-8_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-43275-1

  • Online ISBN: 978-3-030-43276-8

  • eBook Packages: Computer Science, Computer Science (R0)
