TU Darmstadt / ULB / TUbiblio

Understanding information security compliance - Why goal setting and rewards might be a bad idea

Gerber, Nina ; McDermott, Ronja ; Volkamer, Melanie ; Vogt, Joachim (2016)
Understanding information security compliance - Why goal setting and rewards might be a bad idea.
Frankfurt, Germany
Konferenzveröffentlichung, Bibliographie

Kurzbeschreibung (Abstract)

Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion culture also seems to impair security compliance, the results provide no evidence for an impact of error management culture, affective commitment towards the organization, security policy information quality or quality of the goal setting process. Furthermore, the intention to comply with security policies turns out to be a bad predictor for actual security compliance. We therefore suggest future studies to measure actual behavior instead of behavioral intention.

Typ des Eintrags: Konferenzveröffentlichung
Erschienen: 2016
Autor(en): Gerber, Nina ; McDermott, Ronja ; Volkamer, Melanie ; Vogt, Joachim
Art des Eintrags: Bibliographie
Titel: Understanding information security compliance - Why goal setting and rewards might be a bad idea
Sprache: Englisch
Publikationsjahr: Juli 2016
Verlag: University of Plymouth
Buchtitel: International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)
Band einer Reihe: 10.
Veranstaltungsort: Frankfurt, Germany
Zugehörige Links:
Kurzbeschreibung (Abstract):

Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion culture also seems to impair security compliance, the results provide no evidence for an impact of error management culture, affective commitment towards the organization, security policy information quality or quality of the goal setting process. Furthermore, the intention to comply with security policies turns out to be a bad predictor for actual security compliance. We therefore suggest future studies to measure actual behavior instead of behavioral intention.

Freie Schlagworte: Security, Usability and Society;Secure Data
ID-Nummer: TUD-CS-2016-0134
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik > SECUSO - Security, Usability and Society
20 Fachbereich Informatik > Theoretische Informatik - Kryptographie und Computeralgebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Profilbereiche > Cybersicherheit (CYSEC)
LOEWE > LOEWE-Zentren
20 Fachbereich Informatik
Profilbereiche
LOEWE
Hinterlegungsdatum: 28 Jul 2016 18:35
Letzte Änderung: 30 Mai 2018 12:53
PPN:
Zugehörige Links:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen