
RESEARCH PRODUCT

Employee Information Security Practices: A Framework and Research Agenda

Polyxeni Vassilakopoulou, Eli Hustad, Frode Mathias Bekkevik, Ole Reidar Holm

subject

Marketing; Computer Networks and Communications; business.industry; Strategy and Management; Information security policy; Information security; Business; Public relations; VDP::Samfunnsvitenskap: 200::Biblioteks- og informasjonsvitenskap: 320::Informasjons- og kommunikasjonssystemer: 321; Computer Science Applications; Management Information Systems

description

Author's accepted manuscript.

Employee information security practices are pivotal to prevent, detect, and respond to security incidents. This paper synthesizes insights from research on challenges related to employee information security practices and measures to address them. The challenges identified are associated with idiosyncratic aspects of communities and individuals within organizations (culture and personal characteristics) and with systemic aspects of organizations (procedural and structural arrangements). The measures identified aim to enhance systemic capabilities and to adapt security mechanisms to the idiosyncratic characteristics, and are categorized as: (a) measures of training and awareness, (b) measures of organizational support, (c) measures of rewards and penalties. Further research is needed to explore the dynamics of how challenges emerge, develop, and get addressed over time, and also to explore the interplay between systemic and idiosyncratic aspects. Additionally, research is needed on the role of security managers and how it can be reconfigured to suit flatter organizations.

10.4018/ijesma.2020040101
https://hdl.handle.net/11250/3056431