
Understanding employees' information security identities: an interpretive narrative approach

Jeffrey D. Wall (Michigan Technological University, Houghton, Michigan, USA)
Prashant Palvia (University of North Carolina at Greensboro, Greensboro, North Carolina, USA)

Information Technology & People

ISSN: 0959-3845

Article publication date: 16 February 2021

Issue publication date: 17 January 2022


Abstract

Purpose

The authors seek to understand the formation of control- and security-related identities among organizational employees through an interpretive narrative analysis. The authors also seek to identify how the identities form over time and across contexts. Several identities are identified as well as the changes that may occur in the identities.

Design/methodology/approach

Few interpretive or critical studies exist in behavioral information security research to represent employee perspectives of power and control. Using qualitative interviews and narrative analysis of the interview transcripts, this paper analyzes the security- and control-related identities and values that employees adopt in organizational settings.

Findings

Two major categories of behavioral security compliance identities were identified: compliant and noncompliant. Specific identities within the compliant category included the faithful follower versus the reasoned follower, and the other-preserving versus the self-preserving identities. The noncompliant category included the anti-authority identity, utilitarian identity, trusting identity and unaware identity. Furthermore, three patterns of identity changes were observed.

Research limitations/implications

The authors’ narrative stories suggest that employee identities are complex and multi-faceted, and that they may be fluid and adaptive to situational factors. Future research should avoid assumptions that all employees are the same or that employee beliefs remain constant over time or in different contexts. Identities are also strongly rooted in individuals' rearing and other life experiences. Thus, security control is far broader than is studied in behavioral studies. The authors find that history matters and should be examined carefully.

Practical implications

The authors’ study provides insights that managers can use to enhance security initiatives. It is clear that different employees build different control-related identities. Managers must understand that their employees are unique and will not all respond to policies, punishments, and other forms of control in the same way. The narratives also suggest that many organizations lack appropriate programs to enhance employees' awareness of security issues.

Originality/value

The authors’ narrative analysis suggests that employee security identities are complex and multi-faceted, and that they are fluid and adaptive to situational factors. Research should avoid assumptions that all employees are the same or that their beliefs remain constant over time or in different contexts. Identities are also strongly rooted in individuals' rearing and other life experiences. Their history matters and should be examined carefully.


Citation

Wall, J.D. and Palvia, P. (2022), "Understanding employees' information security identities: an interpretive narrative approach", Information Technology & People, Vol. 35 No. 1, pp. 435-458. https://doi.org/10.1108/ITP-04-2020-0197

Publisher: Emerald Publishing Limited

Copyright © 2021, Emerald Publishing Limited
