دانلود رایگان مقاله انگلیسی فرهنگ سازمانی، رویه اقدامات متقابل و رفتار امنیتی کارکنان - امرالد 2017

Abstract

Purpose - This paper provides new insights about security behaviour in selected U.S. and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues. Design/methodology/approach – This paper builds on general deterrence theory and prior organisational culture literature. The methodology adapted for this study draws on the analytical grounded theory approach employing a constant comparative method. Findings – This paper demonstrates that procedural security countermeasures and organisational culture tend to affect security behaviour in organisational settings. Research implications – This paper fills the void in information security research and takes its place amongst the very few studies that focus on behavioural as opposed to technical issues. Practical implications – This paper highlights the important role of procedural security countermeasures, information security awareness, and organisational culture in managing illicit behaviour of employees. Originality value – This study extends general deterrence theory in a novel way by including information security awareness in the research model and by investigating both negative and positive behaviours.

5. Conclusion

Our results show that information security policies and security education tend to increase employee information security awareness. In turn, the awareness is inclined to lead to compliant behaviour. These insights extend general deterrence theory in a novel way. In particular, the deterrent effect of procedural security countermeasures increases information security awareness. This awareness, in turn, tends to prevent malicious actions of employees and encourage security-cautious behaviour. Furthermore, general deterrence theory is typically used to study negative behaviours, while there are calls in the literature to apply the theory across the variety of behaviours, including negative and positive (D’Arcy and Herath, 2011). The focus of this study is both negative and positive behaviours, which further extends general deterrence theory. Furthermore, OC values are inclined to have an effect on employee security behaviour in organisational settings. Study participants reveal that high peopleoriented organisations benefit from a satisfied workforce, which in turn motivates employees to comply with information security rules. Moreover, high solidarity tends to lead to compliant behaviour because employees realise and pursue organisational goals. Next, high sociability and high task-orientation tend to encourage non-compliant behaviour. Finally, flat structure is inclined to improve the overall level of information security in an organisation.