Olt, Christian M. ; große Deters, Fenne (2021)
On Security Guidelines and Policy Compliance: Considering Users’ Need for Autonomy.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Recent studies raise the concern that the regular communication of security guidelines and policies and their updates is not always the best option for organizations to protect information system's security. Users show symptoms of being frustrated or overwhelmed by security guidelines and consequently either ignore policies or actively pursue workarounds. Our aim is first, to understand the affective states of employees being confronted with security-related guidelines and the reasons for negative emotions. Second, we develop a communication strategy for security policies that avoids negative affective states and reduces the chance of security policies being ignored or worked around to foster compliance. In this paper, we introduce a framework by connecting the theories of security fatigue, psychological reactance, and the elaboration likelihood model. Our framework moreover considers different strategies to communicate security guidelines or policies. Finally, we draft an experimental setup to empirically evaluate our research model.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2021 |
| Autor(en): | Olt, Christian M. ; große Deters, Fenne |
| Art des Eintrags: | Bibliographie |
| Titel: | On Security Guidelines and Policy Compliance: Considering Users’ Need for Autonomy |
| Sprache: | Englisch |
| Publikationsjahr: | 15 Dezember 2021 |
| Ort: | ICIS 2021 Proceedings |
| URL / URN: | https://aisel.aisnet.org/icis2021/cyber_security/cyber_secur... |
| Kurzbeschreibung (Abstract): | Recent studies raise the concern that the regular communication of security guidelines and policies and their updates is not always the best option for organizations to protect information system's security. Users show symptoms of being frustrated or overwhelmed by security guidelines and consequently either ignore policies or actively pursue workarounds. Our aim is first, to understand the affective states of employees being confronted with security-related guidelines and the reasons for negative emotions. Second, we develop a communication strategy for security policies that avoids negative affective states and reduces the chance of security policies being ignored or worked around to foster compliance. In this paper, we introduce a framework by connecting the theories of security fatigue, psychological reactance, and the elaboration likelihood model. Our framework moreover considers different strategies to communicate security guidelines or policies. Finally, we draft an experimental setup to empirically evaluate our research model. |
| Freie Schlagworte: | Security Policy Compliance, Psychological Reactance, Security Fatigue, Elaboration Likelihood |
| Fachbereich(e)/-gebiet(e): | 01 Fachbereich Rechts- und Wirtschaftswissenschaften 01 Fachbereich Rechts- und Wirtschaftswissenschaften > Betriebswirtschaftliche Fachgebiete 01 Fachbereich Rechts- und Wirtschaftswissenschaften > Betriebswirtschaftliche Fachgebiete > Wirtschaftsinformatik 01 Fachbereich Rechts- und Wirtschaftswissenschaften > Betriebswirtschaftliche Fachgebiete > Fachgebiet Software Business & Information Management Profilbereiche Profilbereiche > Cybersicherheit (CYSEC) |
| Hinterlegungsdatum: | 04 Nov 2021 12:51 |
| Letzte Änderung: | 04 Nov 2021 13:45 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum