TOWARD A STAGE THEORY OF THE DEVELOPMENT OF EMPLOYEES’ INFORMATION SECURITY BEHAVIOR
Computers & Security ( IF 5.6 ) Pub Date : 2020-06-01 , DOI: 10.1016/j.cose.2020.101782
Mari Karjalainen , Mikko Siponen , Suprateek Sarker

Abstract: Existing behavioral information security research proposes continuum or non-stage models that focus on finding static determinants for information security behavior (ISB) that remains unchanged. Such models cannot explain a case where the reasons for ISB change. However, the underlying reasons and motives for users’ ISB are not static but may change over time. To understand the change in reasoning between different antecedents, we examine stage theorizing in other fields and develop the requirements for an emergent theory of the development of employees’ ISB: (1) the content of stages based on the stage elements and their stage-specific attributes; (2) the stage-independent element explaining the instability of ISB; and (3) the temporal order of stages based on developmental progression. To illustrate the stage theory requirements in an information security context, we suggest four stages: intuitive thinking, declarative thinking, agency-related thinking, and routine-related thinking. We propose that learning is a key driver of change between the stages. According to our theorizing, employees start with intuitive beliefs and later develop routine-related thinking. Furthermore, using interview data collected from employees in a multinational company, we illustrate the differences in the stages. For future information security research, we conceptualize ISB change in terms of stages and contribute a theoretical framework that can be empirically validated. In relation to practice, understanding the differences between the stages offers a foundation for identifying the stage-specific challenges that lead to non-compliance and the corresponding information security training aimed at tackling these challenges. Given that users’ ISB follows stages, although not in a specific order, identifying such stages can improve the effectiveness of information security training interventions within organizations.

Updated: 2020-06-01