Gerber, Nina and McDermott, Ronja and Volkamer, Melanie and Vogt, Joachim (2016):
Understanding information security compliance - Why goal setting and rewards might be a bad idea.
In: International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016), University of Plymouth, Frankfurt, Germany, 10., [Conference or Workshop Item]
Abstract
Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion culture also seems to impair security compliance, the results provide no evidence for an impact of error management culture, affective commitment towards the organization, security policy information quality or quality of the goal setting process. Furthermore, the intention to comply with security policies turns out to be a bad predictor for actual security compliance. We therefore suggest future studies to measure actual behavior instead of behavioral intention.
| Item Type: | Conference or Workshop Item |
|---|---|
| Erschienen: | 2016 |
| Creators: | Gerber, Nina and McDermott, Ronja and Volkamer, Melanie and Vogt, Joachim |
| Title: | Understanding information security compliance - Why goal setting and rewards might be a bad idea |
| Language: | English |
| Abstract: | Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion culture also seems to impair security compliance, the results provide no evidence for an impact of error management culture, affective commitment towards the organization, security policy information quality or quality of the goal setting process. Furthermore, the intention to comply with security policies turns out to be a bad predictor for actual security compliance. We therefore suggest future studies to measure actual behavior instead of behavioral intention. |
| Title of Book: | International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016) |
| Volume: | 10. |
| Publisher: | University of Plymouth |
| Uncontrolled Keywords: | Security, Usability and Society;Secure Data |
| Divisions: | 20 Department of Computer Science > SECUSO - Security, Usability and Society 20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt Profile Areas > Cybersecurity (CYSEC) LOEWE > LOEWE-Zentren 20 Department of Computer Science Profile Areas LOEWE |
| Event Location: | Frankfurt, Germany |
| Date Deposited: | 28 Jul 2016 18:35 |
| Identification Number: | TUD-CS-2016-0134 |
| Related URLs: | |
| Export: |
Optionen (nur für Redakteure)
 |
View Item |
Drucken
Impressum