Information Security Needs Proper Employee Behavior

1153 Words3 Pages
bulb-icon

Recommended: Theory of planned behaviour literature review

Human end users are considered to be the weakest link in information security as failure to comply with information security policies remains one of the biggest threats to the organization. The goal of any policy within an organization is to influence the behaviors of employees in a way that benefits the organization. Information security cannot be achieved through technology. Information security governance seeks to influence employee behaviors to ensure that critical security policies and rules are followed. The discretionary nature of information security policy (ISP) compliance poses a challenge for policy makers. The latest research in behavioral information security The following research articles Benbasat, Bulgurcu and Cavusoglu (2010), Johnston and Warkentin (2010), Puhakainen and Siponen (2010), and Chen, Ramamurthy and Wen (2012) has focused on examining the beliefs, attitudes, and other factors which influence employees compliance of ISP.
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs And Information Security Awareness, was a research study conducted by Benbasat, Bulgurcu and Cavusoglu (2010) which examined several factors relating to employee ISP compliance behavior. The purpose of the study was to assess the role of information security awareness in shaping compliance-related beliefs and behavior in a constantly evolving threat environment. Using the theory of planned behavior, Benbasat, Bulgurcu and Cavusoglu (2010) proposed that an employee's attitude towards compliance is determined by his/her normative beliefs and attitudes, including one's and self-confidence in carrying out compliance related tasks. The hypothesis stated that the employee's attitude is shaped by ...

... middle of paper ...

...tion for organizations where sanctions are not effective in violating ISP. Chen, Ramamurthy and Wen (2012) recommend the implementation of a comprehensive enforcement system reflecting the general moral standards of the organization's culture. Participants from two financial organizations showed no significant difference in behavior.
A brief review the above-mentioned research studies regarding behavioral information security reveals the reoccurring theme of applying existing behavioral theory models to the information security context, with the theory of planned behavior being mentioned in the literature review sections of all of the research articles. All of the research studies seek to identify the factors that shape the attitudes and behavioral intentions of employee end users and all have significant implications for IT policymakers within organizations.

Show More
Related

  • Kroger Ethical Decision Making

    465 Words  | 1 Pages

    The ethical code of an organization illustrates the importance of being honest, acting with integrity, and showing fairness in decision making (Bethel, 2015). Ultimately, “laws regulating business conduct are passed because some stakeholders believe they cannot be trusted to do what is right” (Ferrell, Fraedrich, & Ferrell, 2015, p. 95). In the last couple of years, culture has become the initiator for compliance, which means from the top down there has to be a commitment to act in a way that represents the company’s core values (Verschoor, 2015).

    Read More

  • Laws for Fair, Balanced and Competitive Business Practice

    658 Words  | 2 Pages

    ...efits from adopting unfair business practices and discouraging competition are much higher than the expected penalty and punishment. With changing time, there is need to make these laws more effective and relevant.

    Read More

  • Using Usage Behaviors At Work Personnel Selection, Employee Training, Incentive Programs, And Safety Rules

    751 Words  | 2 Pages

    The four general areas that organizations can use to reduce or eliminate usage behaviors at work include personnel selection, employee training, incentive programs, and safety rules and regulations (Bernardin & Russell, 2013). Personnel selection involves selecting candidates and placing them in jobs within the organization. It can reduce or eliminate unsafe behaviors by having candidates screened through personality testing, and the questions that are asked are about how they would connect certain behaviors with consequences.

    Read More

  • Wells Fargo Ethics Analysis

    1602 Words  | 4 Pages

    There are even challenges of sustaining employee morale and culture in a business. Culture begins with the CEO, and executives, and is passed down through training and mentoring to managers and entry level employees. Wells Fargo’s culture seems to have been maintained for the most part, but in the context of pressure and competition it changed drastically. The fact that employees felt the need to participate due to pressure and fear that if they called the ethics hotline they would be fired, speaks volumes about how important gaining more customers meant to executives pushing the competition. According to Business Ethics: Ethical Decision Making and Cases cultural relativism is “the concept that morality varies from one culture to another and that ‘right’ and ‘wrong’ are defined differently” (John Fraedrich, L. F., 2017). In the case of Wells Fargo, their wires are crossed in their ideals of right and wrong. Most decisions are not black and white in cultures—there are always grey areas. Pertaining to cultural realativism, “by defending the payment of bribes or ‘greasing the wheels’ of business and other questionable practices in this fashion” Wells Fargo has gone above and beyond with their cultural

    Read More

  • HIPAA, CIA, and Safeguards

    1633 Words  | 4 Pages

    Whitman, M., & Mattord, H. (2010). Management of information security. (3rd ed., p. 6). Boston, MA: Cengage Learning.

    Read More

  • Ashley Madison Case Study

    723 Words  | 2 Pages

    Following compliance guide line provided by NIST SP 800-16 that describes security and training requirements is another way to boost the awareness of the employees. These kind of training and follow of compliance emphasize on roles rather than fixed content providing flexibility, adaptability, and longevity. Furthermore varying method of training with respect to different users is also beneficial. For example training for general users, training for managerial users and training for technical users which can be categorized by job category or job functions.

    Read More

  • Homeland Security: The Mission Of Homeland Security

    1035 Words  | 3 Pages

    Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day to day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable in ensuring all of the rules and policies are being followed, as well as, understanding their roles, responsibilities and functions. Organizations information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions from trusted employees that defraud the system, outside hackers, or from careless data entry. The major threat to information protection is error and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what

    Read More

  • Use Case Study Of St. Luke's Health Care System

    1196 Words  | 3 Pages

    Development of privacy policies: Privacy and security policies and procedure must be adopted and enforced including actions items in the event of a breach.

    Read More

  • Privacy in the Workplace

    2466 Words  | 5 Pages

    Privacy in the Workplace Introduction Technology has developed in leaps and bounds over the past few decades. The case is that the law always has difficulty keeping pace with new issues and technology and the few laws that are enacted are usually very general and obscure. The main topic of this paper is to address the effect of technology on privacy in the workplace. We have to have an understanding of privacy before trying to protect it. Based on the Gift of Fire, privacy has three pieces: freedom from intrusion, control of information about one's self, and freedom from surveillance.1 People's rights have always been protected by the constitution, such as the Fourth Amendment, which protects people from "unreasonable searches and seizures".

    Read More

  • Workplace Privacy and Employee Monitoring

    1326 Words  | 3 Pages

    Do we really have our privacy rights in the workplace? In today’s society we are so caught up with our rights that we often forget about work rules. If someone goes into my office or someone reads my email I feel violated and deprived of my rights. But the real question is, are these things my own to do with? In all reality if it is a private organization the person who owns the business is the owner of all offices and computers, so in that case you’re just using his stuff.

    Read More

  • Prevention of Employee Theft

    1096 Words  | 3 Pages

    Why do employees feel free to steal? Most employee theft occurs because it is too easy. What can a company do to prevent employee theft? What should a company do to employee thieves? The following paragraphs summarize a few ideas.

    Read More

  • Organizational Environment In An Organization

    1173 Words  | 3 Pages

    For instance, organizational environment as a whole was seen to drive the conduct of employees. More recent research differentiated between the various components and even suggested the distance of multiple organizational environments within a single organization (Al-Omari, Deokar, El-Gayar, 2012). It tried to connect a particular environment with a specific behavior. For instance, one study investigated the morale environment effect on workers’ perceived motivations for their work. It found that organizations with a transformational organizational environment tended to have employees with higher scores of work motivation (Al-Omari, Deokar, El-Gayar, 2012). This analysis utilizes the particular environment of information security as a potential predictor of employee’s compliance with information security

    Read More

  • Employee Security And Job Security

    714 Words  | 2 Pages

    In a society where job security is important one has to question why not put employees where they need be, in the places where they will be most successful, where business can benefit from a happy and energetic employee. Does the quote by Mr. Buffet make since? Being a member of the Armed Forces one would think that retention is a challenge. In my personal opinion I think it depends on the job/department, with using the lingo of the military, it depends on the AFSC (Air Force Specialty Code) in which you are assigned. I will take it one step further and state that it may depend on the branch of service and whether are not you are Active Duty, Guard, or Reserves. For example, members that may have to report to duty one weekend and

    Read More

  • Importance Of Privacy In The Workplace

    824 Words  | 2 Pages

    Employee rights are very important in the workplace (Rakoczy, C. n.d.). There are some laws to protect employee rights such as safe working environment, discrimination and overtime pay rate to ensure every employee treated fairly. All employees have the right to work in a safe and healthy workplace. In some industries, they use the high-voltage of electricity, extreme temperature, the high-speed and noisy machine in their workplace which can potentially threat to employee health and safety. A safety and healthy workplace must provide reasonable daily and weekly job schedule to the employees. Therefore, when the employee follows the job schedule, they can prevent to work overload because of a systematic system applied by the company.

    Read More

  • Cyber Crime Essay

    3239 Words  | 7 Pages

    With the increasing number and variety of cybercrimes in India, it is paramount importance “for organizations” to generate a response mechanism that enables them to understand, and accept the risks, and opportunities of the cyber world on an ongoing basis. Despite implementing internal controls, cybercrimes continue to grow at an increased rate. Today, more and more organizations from all sectors are seizing the opportunities created by the internet. In PwC’s view, organizations that contain cyber awareness and responsiveness in every employee, every decision, and every interaction, and are aware of the current and emerging cyber world will be the ones to gain competitive advantage in today’s technology-driven environment.

    Read More

More about Information Security Needs Proper Employee Behavior

Open Document