Exploring behavioral information security networks in an organizational context: An empirical case study

The purpose of this research is to propose network research as an alternative approach in the behavioral security field. A case study was conducted in a large interior contractor to explore eight organizational networks, four of which focus on security behaviors. The researchers employed social network analysis methods, including quantitative and qualitative ones, to analyze the case study's data and demonstrate the analytical capability of the network analysis approach in the behavioral security field. Key features of the security networks' structures include high transitivity, hierarchy, and centralization, whereas reciprocity and density are lower than other organizational networks. Moreover, work-related interactions were found to impact security influence, among which giving IT advice increases significantly one's influential status in security matters. Practical implications include suggestions about the use of network analysis methods as a tool for security managers to monitor their behavioral security networks and devise appropriate strategies. Potential research directions are also elaborated, which future research can employ and promote the novel and practical use of network analysis techniques. (C) 2016 Elsevier Ltd. All rights reserved.