Search results

1 – 2 of 2
Per page
102050
Citations:
Loading...
Access Restricted. View access options
Article
Publication date: 25 February 2019

Zauwiyah Ahmad, Thian Song Ong, Tze Hui Liew and Mariati Norhashim

The purpose of this research is to explain the influence of information security monitoring and other social learning factors on employees’ security assurance behaviour. Security…

2300

Abstract

Purpose

The purpose of this research is to explain the influence of information security monitoring and other social learning factors on employees’ security assurance behaviour. Security assurance behaviour represents employees’ intentional and effortful actions aimed towards protecting information systems. The behaviour is highly desired as it tackles the human factor within the information security framework. The authors posited that security assurance behaviour is a learned behaviour that can be enhanced by the implementation of information security monitoring.

Design/methodology/approach

Theoretical framework underlying this study with six constructs, namely, subjective norm, outcome expectation, information security monitoring, information security policy, self-efficacy and perceived inconvenience, were identified as significant in determining employees’ security assurance behaviour (SAB). The influence of these constructs on SAB could be explained by social cognitive theory and is empirically supported by past studies. An online questionnaire survey as the main research instrument is adopted to elicit information on the six constructs tested in this study. Opinion from industry and academic expert panels on the relevance and face validity of the questionnaire were obtained prior to the survey administration.

Findings

Findings from this research indicate that organisations will benefit from information security monitoring by encouraging security behaviours that extend beyond the security policy. This study also demonstrates that employees tend to abandon security behaviour when the behaviour is perceived as inconvenient. Hence, organisations must find ways to reduce the perceived inconvenience using various security automation methods and specialised security training. Reducing perceived inconvenience is a challenge to information security practitioners.

Research limitations/implications

There are some limitations in the existing work that could be addressed in future studies. One of them is the possible social desirability bias due to the self-reported measure adopted in the study. Even though the authors have made every effort possible to collect representative responses via anonymous survey, it is still possible that the respondents may not reveal true behaviour as good conduct is generally desired. This may lead to a bias towards favourable behaviour.

Practical implications

In general, the present research provides a number of significant insights and valuable information related to security assurance behaviour among employees. The major findings could assist security experts and organisations to develop better strategies and policies for information security protection. Findings of this research also indicate that organisations will benefit from information security monitoring by encouraging security behaviours that extend beyond the security policy.

Social implications

In this research, the social cognitive learning theory is used to explain the influence of information security monitoring and other social learning factors on employees’ security assurance behaviour; the finding implies that monitoring emphases expected behaviours and helps to reinforce organisational norms. Monitoring may also accelerate learning when employees become strongly mindful of their behaviours. Hence, it is important for organisations to communicate the monitoring practices implemented, even more imperative whenever security monitoring employed is unobtrusive in nature. Nonetheless, care must be taken in this communication to avoid resentment and mistrust among employees.

Originality/value

This study is significant in a number of ways. First, this study highlights significant antecedents of security assurance behaviour, which helps organisations to assess their current practices, which may nurture or suppress information security. Second, using users’ perspective, this study provides recommendations pertaining to monitoring as a form of information security measure. Third, this study provides theoretical contribution to the existing information security literature via the application of the social cognitive learning theory.

Details

Information & Computer Security, vol. 27 no. 2
Type: Research Article
ISSN: 2056-4961

Keywords

Access Restricted. View access options
Article
Publication date: 1 August 2005

Mariati Norhashim and Kamarulzaman Ab. Aziz

Proposes that, arms length economic system (ALS) is not always appropriate for developing nations. The alternative of a relationship based system (RBS) which is often mistaken for…

1600

Abstract

Proposes that, arms length economic system (ALS) is not always appropriate for developing nations. The alternative of a relationship based system (RBS) which is often mistaken for crony capitalism as practiced in Malaysia is offered. Entrepreneurial spirit so fundamental to the development of an economy may be so lacking as to perish under an ALS yet be able to flourish under RBS. Explains three major aspects of how the Malaysian Economy was able to flourish under the RBS (1) the cultural reform of the majority indigenous group (2) the multi‐cultural cooperation between the economically superior Chinese and the less economically developed Malays and (3) The spill‐over effect from privatisation policies. Recognising the existence and legitimacy of an RBS as an economic model may offer a new approach towards poverty eradication and economic development of Third World countries.

Details

International Journal of Sociology and Social Policy, vol. 25 no. 8
Type: Research Article
ISSN: 0144-333X

Keywords

1 – 2 of 2
Per page
102050