TU Darmstadt / ULB / TUbiblio

Productivity vs. Security: Mitigating Conflicting Goals in Organizations

Mayer, Peter ; Gerber, Nina ; McDermott, Ronja ; Volkamer, Melanie ; Vogt, Joachim (2017)
Productivity vs. Security: Mitigating Conflicting Goals in Organizations.
In: Information and Computer Security, 25 (2)
doi: 10.1108/ICS-03-2017-0014
Artikel, Bibliographie

Kurzbeschreibung (Abstract)

<b>Purpose</b> – This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals. <b>Design/methodology/approach </b>– This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small to medium-sized organizations (SMEs) with overall 90 employees. <b>Findings </b>– The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees. <b>Research limitations/implications </b>– Both studies rely on self-reported data and are therefore likely to contain some kind of bias. <b>Practical implications </b>– Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations. <b>Originality/value </b>– This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.

Typ des Eintrags: Artikel
Erschienen: 2017
Autor(en): Mayer, Peter ; Gerber, Nina ; McDermott, Ronja ; Volkamer, Melanie ; Vogt, Joachim
Art des Eintrags: Bibliographie
Titel: Productivity vs. Security: Mitigating Conflicting Goals in Organizations
Sprache: Englisch
Publikationsjahr: 2017
Titel der Zeitschrift, Zeitung oder Schriftenreihe: Information and Computer Security
Jahrgang/Volume einer Zeitschrift: 25
(Heft-)Nummer: 2
DOI: 10.1108/ICS-03-2017-0014
Zugehörige Links:
Kurzbeschreibung (Abstract):

<b>Purpose</b> – This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals. <b>Design/methodology/approach </b>– This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small to medium-sized organizations (SMEs) with overall 90 employees. <b>Findings </b>– The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees. <b>Research limitations/implications </b>– Both studies rely on self-reported data and are therefore likely to contain some kind of bias. <b>Practical implications </b>– Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations. <b>Originality/value </b>– This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.

Freie Schlagworte: Security, Usability and Society
ID-Nummer: TUD-CS-2017-0075
Fachbereich(e)/-gebiet(e): 20 Fachbereich Informatik > SECUSO - Security, Usability and Society
Profilbereiche > Cybersicherheit (CYSEC)
20 Fachbereich Informatik
Profilbereiche
Hinterlegungsdatum: 01 Apr 2017 01:02
Letzte Änderung: 30 Mai 2018 13:00
PPN:
Export:
Suche nach Titel in: TUfind oder in Google
Frage zum Eintrag Frage zum Eintrag

Optionen (nur für Redakteure)
Redaktionelle Details anzeigen Redaktionelle Details anzeigen