Abstract
As data breaches in mid-sized to large organizations become more frequent and more public, there is a need to focus less on technological solutions to information security management and more on sociological solutions. In this paper, cost-saving information security initiatives are identified and a framework is proposed for organizational and behavioral change in technical human resources, to better address information security concerns.
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Govender, S.G., Kritzinger, E., Loock, M. (2020). Information Security Cost Reduction Through Social Means. In: Venter, H., Loock, M., Coetzee, M., Eloff, M., Eloff, J. (eds) Information and Cyber Security. ISSA 2019. Communications in Computer and Information Science, vol 1166. Springer, Cham. https://doi.org/10.1007/978-3-030-43276-8_1
DOI: https://doi.org/10.1007/978-3-030-43276-8_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-43275-1
Online ISBN: 978-3-030-43276-8
eBook Packages: Computer Science (R0)