Purpose

The authors seek to understand the formation of control- and security-related identities among organizational employees through and interpretive narrative analysis. The authors also seek to identify how the identities form over time and across contexts. Several identities are identified as well as the changes that may occur in the identities.

Design/methodology/approach

Few interpretive or critical studies exist in behavioral information security research to represent employee perspectives of power and control. Using qualitative interviews and narrative analysis of the interview transcripts, this paper analyzes the security- and control-related identities and values that employees adopt in organizational settings.

Findings

Two major categories of behavioral security compliance identities were identified: compliant and noncompliant. Specific identities within the compliant category included: faithful follower vs the reasoned follower, and other-preserving versus the self-preserving identities. The noncompliant category included: anti-authority identity, utilitarian identity, trusting identity and unaware identity. Furthermore, three patterns of identity changes were observed.

Research limitations/implications

The authors’ narrative stories suggest that employee identities are complex and multi-faceted, and that they may be fluid and adaptive to situational factors. Future research should avoid assumptions that all employees are the same or that employee beliefs remain constant over time or in different contexts. Identities are also strongly rooted in individuals' rearing and other life experiences. Thus, security control is far broader than is studied in behavioral studies. The authors find that history matters and should be examined carefully.

Practical implications

The authors’ study provides insights that managers can use to enhance security initiatives. It is clear that different employees build different control-related identities. Managers must understand that their employees are unique and will not all respond to policies, punishments, and other forms of control in the same way. The narratives also suggest that many organizations lack appropriate programs to enhance employees' awareness of security issues.

Originality/value

The authors’ narrative analysis suggests that employee security identities are complex and multi-faceted, and that they are fluid and adaptive to situational factors. Research should avoid assumptions that all employees are the same or that their beliefs remain constant over time or in different contexts. Identities are also strongly rooted in individuals' rearing and other life experiences. Their history matters and should be examined carefully.

中文翻译：

---

了解员工的信息安全身份：一种解释性叙述方法

目的

作者试图通过解释性叙述分析来了解组织员工之间控制和安全相关身份的形成。作者还试图确定身份是如何随着时间的推移和跨环境而形成的。识别了几个身份以及身份中可能发生的变化。

设计/方法/方法

行为信息安全研究中很少有解释性或批判性研究来代表员工对权力和控制的看法。使用定性访谈和访谈记录的叙述分析，本文分析了员工在组织环境中采用的与安全和控制相关的身份和价值观。

发现

确定了两大类行为安全合规身份：合规和不合规。合规类别中的特定身份包括：忠实的追随者与理性的追随者，以及保留他人与自我保留的身份。不合规类别包括：反权威身份、功利身份、信任身份和无意识身份。此外，观察到三种身份变化模式。

研究限制/影响

作者的叙述性故事表明，员工身份是复杂的、多方面的，而且它们可能是流动的并能适应情境因素。未来的研究应该避免假设所有员工都是相同的，或者员工的信念随着时间的推移或在不同的环境中保持不变。身份也深深植根于个人的抚养和其他生活经历。因此，安全控制比在行为研究中研究的要广泛得多。作者发现历史很重要，应该仔细研究。

实际影响

作者的研究提供了管理人员可以用来增强安全计划的见解。很明显，不同的员工会建立不同的控制相关身份。管理人员必须明白，他们的员工是独一无二的，不会以同样的方式对政策、惩罚和其他形式的控制做出反应。这些叙述还表明，许多组织缺乏适当的计划来提高员工对安全问题的认识。

原创性/价值

作者的叙述分析表明，员工安全身份是复杂和多方面的，并且它们是流动的并且适应情境因素。研究应避免假设所有员工都是相同的，或者他们的信念随着时间的推移或在不同的环境中保持不变。身份也深深植根于个人的抚养和其他生活经历。他们的历史很重要，应该仔细检查。