Understanding information security compliance - Why goal setting and rewards might be a bad idea

Gerber, Nina ; McDermott, Ronja ; Volkamer, Melanie ; Vogt, Joachim (2016)
Understanding information security compliance - Why goal setting and rewards might be a bad idea.
Frankfurt, Germany
Conference or Workshop Item

Abstract

Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion culture also seems to impair security compliance, the results provide no evidence for an impact of error management culture, affective commitment towards the organization, security policy information quality or quality of the goal setting process. Furthermore, the intention to comply with security policies turns out to be a bad predictor for actual security compliance. We therefore suggest future studies to measure actual behavior instead of behavioral intention.

Item Type: Conference or Workshop Item
Published: 2016
Creators: Gerber, Nina ; McDermott, Ronja ; Volkamer, Melanie ; Vogt, Joachim
Type of entry: Bibliography
Title: Understanding information security compliance - Why goal setting and rewards might be a bad idea
Language: English
Date: July 2016
Publisher: University of Plymouth
Book Title: International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)
Series Volume: 10.
Event Location: Frankfurt, Germany
Uncontrolled Keywords: Security, Usability and Society; Secure Data
Identification Number: TUD-CS-2016-0134
Divisions: 20 Department of Computer Science > SECUSO - Security, Usability and Society
20 Department of Computer Science > Theoretical Computer Science - Cryptography and Computer Algebra
LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Zentren
20 Department of Computer Science
Profile Areas
LOEWE
Date Deposited: 28 Jul 2016 18:35
Last Modified: 30 May 2018 12:53