Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders

Cited by: 97
Authors
Posey, Clay [1]
Roberts, Tom L. [2]
Lowry, Paul Benjamin [3]
Hightower, Ross T. [4]
Affiliations
[1] Univ Alabama, Culverhouse Coll Commerce, Dept Informat Syst Stat & Management Sci, Tuscaloosa, AL 35487 USA
[2] Louisiana Tech Univ, Coll Business, Sch Accounting & Informat Syst, Ruston, LA 71272 USA
[3] City Univ Hong Kong, Coll Business, Dept Informat Syst, Hong Kong, Hong Kong, Peoples R China
[4] Univ Wisconsin, Lubar Sch Business, Univ Competence Ctr, Milwaukee, WI 53201 USA
Keywords
Behavioral information security; Risk assessment; Qualitative analysis; Organizational insiders; Security professionals; Protection motivation theory; PROTECTION-MOTIVATION THEORY; FEAR APPEALS; POLICY COMPLIANCE; SYSTEMS SECURITY; COMPUTER CRIME; SELF-EFFICACY; MODEL; RISK; DETERRENCE; MANAGEMENT;
DOI
10.1016/j.im.2014.03.009
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Organizational insiders have considerable influence on the effectiveness of information security efforts. However, most research conducted in this area fails to examine what these individuals believe about organizational security efforts. To help bridge this gap, this study assesses the mindset of insiders regarding their relationship with information security efforts and compares it against the mindset of information security professionals. Interviews were conducted with 22 ordinary insiders and 11 information security professionals, an effort that provides insight into how insiders gauge the efficacy of recommended responses to information security threats. Several key differences between insiders' and professionals' security mindsets are also discussed. (C) 2014 Elsevier B.V. All rights reserved.
Pages: 551 / 567
Number of pages: 17
Related papers
18 in total
  • [1] The information security digital divide between information security managers and users
    Albrechtsen, Eirik
    Hovden, Jan
    [J]. COMPUTERS & SECURITY, 2009, 28 (06) : 476 - 490
  • [2] Information Security Culture Concept towards Information Security Compliance: A Comparison between IT and Non-IT Professionals
    Nasir, Akhyari
    Arshah, Ruzaini Abdullah
    Ab Hamid, Mohd Rashid
    Fahmy, Syahrul
    [J]. INTERNATIONAL JOURNAL OF INTEGRATED ENGINEERING, 2022, 14 (03) : 157 - 165
  • [3] An Adversarial Dance: Toward an Understanding of Insiders' Responses to Organizational Information Security Measures
    Balozian, Puzant
    Burns, A. J.
    Leidner, Dorothy E.
    [J]. JOURNAL OF THE ASSOCIATION FOR INFORMATION SYSTEMS, 2023, 24 (01) : 161 - 221
  • [4] Information Security Professionals' Perceptions about the Relationship between the Information Security and Internal Audit Functions
    Steinbart, Paul John
    Raschke, Robyn L.
    Gal, Graham
    Dilla, William N.
    [J]. JOURNAL OF INFORMATION SYSTEMS, 2013, 27 (02) : 65 - 86
  • [5] Bridging the gap between software development and information security
    van Wyk, KR
    McGraw, G
    [J]. IEEE SECURITY & PRIVACY, 2005, 3 (05) : 75 - 79
  • [6] Examining the relationship of organizational insiders' psychological capital with information security threat and coping appraisals
    Burns, A. J.
    Posey, Clay
    Roberts, Tom L.
    Lowry, Paul Benjamin
    [J]. COMPUTERS IN HUMAN BEHAVIOR, 2017, 68 : 190 - 209
  • [7] Examining the linkage between organizational commitment and information security
    Stanton, JA
    Stam, KR
    Guzman, I
    Caldera, C
    [J]. 2003 IEEE INTERNATIONAL CONFERENCE ON SYSTEMS, MAN AND CYBERNETICS, VOLS 1-5, CONFERENCE PROCEEDINGS, 2003, : 2501 - 2506
  • [8] The effects of moral disengagement and organizational ethical climate on insiders' information security policy violation behavior
    Chen, Hao
    Chau, Patrick Y. K.
    Li, Wenli
    [J]. INFORMATION TECHNOLOGY & PEOPLE, 2019, 32 (04) : 973 - 992
  • [9] Deriving the Relationship between Organizational Culture and Information Security Culture
    Hassan, Noor Hafizah
    Ismail, Zuraini
    [J]. VISION 2020: INNOVATION, DEVELOPMENT SUSTAINABILITY, AND ECONOMIC GROWTH, VOLS 1-3, 2013, : 926 - 932
  • [10] Relationship between Organizational Characteristics and Information Security Knowledge Management Implementation
    Said, Abd Rahman
    Abdullah, Haslinda
    Uli, Jegak
    Mohamed, Zainal Abidin
    [J]. TAYLOR'S 6TH TEACHING AND LEARNING CONFERENCE 2013: TRANSFORMATIVE HIGHER EDUCATION TEACHING AND LEARNING IN PRACTICE (TTLC2013), 2014, 123 : 433 - 443