Identifying Factors that Influence Employees’ Security Behavior for Enhancing ISP Compliance

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9264)

Abstract

Organizations apply information security policies to foster secure use of information systems but very often employees fail to comply with them. Employees’ security behavior has been the unit of analysis of research from different theoretical approaches, in an effort to identify the factors that influence security policy compliance. Through a systematic analysis of extant literature this paper identifies and categorizes critical factors that shape employee security behavior and proposes security management practices that can enhance security compliance. Research findings inform theory by identifying research gaps and support security management.

Author information

Corresponding author

Correspondence to Ioanna Topa.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Topa, I., Karyda, M. (2015). Identifying Factors that Influence Employees’ Security Behavior for Enhancing ISP Compliance. In: Fischer-Hübner, S., Lambrinoudakis, C., López, J. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2015. Lecture Notes in Computer Science, vol 9264. Springer, Cham. https://doi.org/10.1007/978-3-319-22906-5_13

  • DOI: https://doi.org/10.1007/978-3-319-22906-5_13

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22905-8

  • Online ISBN: 978-3-319-22906-5

  • eBook Packages: Computer Science, Computer Science (R0)
