Nudge to Promote Employees' Information Security Compliance Behavior: A Field Study

被引：0

作者：

Inaba, Midori ^{[1
]}

Terada, Takeaki ^{[2
,3
]}

机构：

[1] Inst Informat Secur, Yokohama, Kanagawa, Japan

[2] Fujitsu Ltd, Kawasaki, Kanagawa, Japan

[3] Nagasaki Univ, Nagasaki, Japan

来源：

2023 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR | 2023年

关键词：

nudge; security behavior; information security policy; compliance; security patch application; POLICY COMPLIANCE; IMPACT; ORGANIZATIONS; DETERRENCE;

D O I：

10.1109/CSR57506.2023.10224994

中图分类号：

TP [自动化技术、计算机技术];

学科分类号：

0812 ;

摘要：

This field study performed an experiment to observe practical effects of a nudge on facilitating employees' security compliance in one company's department. We examined if the nudges speeded up the employees' manual implication of applying the security patch to all their devices, which constituted a security compliance behavior in the experimental environment. Each employee was provided with one of three types of nudges informing the state of others: informing about the progress of general employees with a similar number of devices, informing about the progress of one's working team members, and providing information regarding both. As a result, providing information regarding both uniformly accelerated their patching behaviors although providing only team information severely delayed these behaviors. This study indicates the potential of a nudge as a security management intervention and showcases its effective design.

引用

页码：335 / 340

页数：6

共 55 条

[1] Nudges for Privacy and Security: Understanding and Assisting Users' Choices Online
Acquisti, Alessandro
Adjerid, Idris
Balebako, Rebecca
Brandimarte, Laura
Cranor, Lorrie Faith
Komanduri, Saranga
Giovanni Leon, Pedro
Sadeh, Norman
Schaub, Florian
Sleeper, Manya
Wang, Yang
Wilson, Shomir
[J]. ACM COMPUTING SURVEYS, 2017, 50 (03)
[2] The Impact of Relative Standards on the Propensity to Disclose
Acquisti, Alessandro
John, Leslie K.
Loewenstein, George
[J]. JOURNAL OF MARKETING RESEARCH, 2012, 49 (02) : 160 - 174
[3] Ajzen I., 2000, EUR REV SOC PSYCHOL, V11, P1, DOI DOI 10.1080/14792779943000116
[4] PERSONAL CONTACT, INDIVIDUATION, AND THE BETTER-THAN-AVERAGE EFFECT
ALICKE, MD
KLOTZ, ML
BREITENBECHER, DL
YURAK, TJ
VREDENBURG, DS
[J]. JOURNAL OF PERSONALITY AND SOCIAL PSYCHOLOGY, 1995, 68 (05) : 804 - 825
[5] Ament C., 2017, P PAC AS C INF SYST
[6] American Psychological Association, 2002, AM PSYCHOL, V57, P1060, DOI DOI 10.1037/0003-066X.57.12.1060
[7] Nudge your Workforce: A Study on the Effectiveness of Task Notification Strategies in Enterprise Mobile Crowdsourcing
Bashirieh, Sarah
Mesbah, Sepideh
Redi, Judith
Bozzon, Alessandro
Szlavik, Zoltan
Sips, Robert-Jan
[J]. PROCEEDINGS OF THE 25TH CONFERENCE ON USER MODELING, ADAPTATION AND PERSONALIZATION (UMAP'17), 2017, : 4 - 12
[8] The Effect of Providing Peer Information on Retirement Savings Decisions
Beshears, John
Choi, James J.
Laibson, David
Madrian, Brigitte C.
Milkman, Katherine L.
[J]. JOURNAL OF FINANCE, 2015, 70 (03) : 1161 - 1201
[9] Blythe J.M, 2015, 11 S US PRIV SEC SOU, P103
[10] Testing for crowd out in social nudges: Evidence from a natural field experiment in the market for electricity
Brandon, Alec
List, John A.
Metcalfe, Robert D.
Price, Michael K.
Rundhammer, Florian
[J]. PROCEEDINGS OF THE NATIONAL ACADEMY OF SCIENCES OF THE UNITED STATES OF AMERICA, 2019, 116 (12) : 5293 - 5298

← 1 2 3 4 5 6 →