دانلود رایگان مقاله انگلیسی سودمندی در مقابل امنیت: مقابله با اهداف متضاد در سازمان ها - امرالد 2017

Abstract

Purpose – This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals. Design/methodology/approach – This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small to medium-sized organizations (SMEs) with overall 90 employees. Findings – The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees. Research limitations/implications – Both studies rely on self-reported data and are therefore likely to contain some kind of bias. Practical implications – Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations. Originality/value – This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.

6. Conclusion

In this work, we presented our findings regarding the effects of goal setting in organizations. The findings of our survey regarding the implications of conflicting goals are twofold. Firstly, it provides additional evidence for the relationships between the constructs of the theory of planned behavior. Secondly, it revealed that the presence of rewards for performance goal achievement is strongly associated with a decrease in security compliance and thereby provides evidence supporting the assumption of conflicting goals in the workplace.

To mitigate this conflict between productivity and information security goals, we presented a concept for goal setting in organizations and evaluated it in a user study with participants from three SMEs. Our results indicate that this concept can be implemented in practice using available information security awareness materials such as the NoPhish anti-phishing training. Any practical implementation should thereby pay special attention to the aspects identified in our study to maximize its effectiveness. Firstly, the information security awareness materials used as basis must contain relevant actionable behavioral recommendations. Secondly, participants should not only have the possibility to select multiple goals, but also to define their own goals.