Nudge to Promote Employees' Information Security Compliance Behavior: A Field Study

被引:0
作者
Inaba, Midori [1 ]
Terada, Takeaki [2 ,3 ]
机构
[1] Inst Informat Secur, Yokohama, Kanagawa, Japan
[2] Fujitsu Ltd, Kawasaki, Kanagawa, Japan
[3] Nagasaki Univ, Nagasaki, Japan
来源
2023 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR | 2023年
关键词
nudge; security behavior; information security policy; compliance; security patch application; POLICY COMPLIANCE; IMPACT; ORGANIZATIONS; DETERRENCE;
D O I
10.1109/CSR57506.2023.10224994
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This field study performed an experiment to observe practical effects of a nudge on facilitating employees' security compliance in one company's department. We examined if the nudges speeded up the employees' manual implication of applying the security patch to all their devices, which constituted a security compliance behavior in the experimental environment. Each employee was provided with one of three types of nudges informing the state of others: informing about the progress of general employees with a similar number of devices, informing about the progress of one's working team members, and providing information regarding both. As a result, providing information regarding both uniformly accelerated their patching behaviors although providing only team information severely delayed these behaviors. This study indicates the potential of a nudge as a security management intervention and showcases its effective design.
引用
收藏
页码:335 / 340
页数:6
相关论文
共 55 条
[1]   Nudges for Privacy and Security: Understanding and Assisting Users' Choices Online [J].
Acquisti, Alessandro ;
Adjerid, Idris ;
Balebako, Rebecca ;
Brandimarte, Laura ;
Cranor, Lorrie Faith ;
Komanduri, Saranga ;
Giovanni Leon, Pedro ;
Sadeh, Norman ;
Schaub, Florian ;
Sleeper, Manya ;
Wang, Yang ;
Wilson, Shomir .
ACM COMPUTING SURVEYS, 2017, 50 (03)
[2]   The Impact of Relative Standards on the Propensity to Disclose [J].
Acquisti, Alessandro ;
John, Leslie K. ;
Loewenstein, George .
JOURNAL OF MARKETING RESEARCH, 2012, 49 (02) :160-174
[3]  
Ajzen I., 2000, European Review of Social Psychology, V11, P1, DOI [10.1080/14792779943000116, DOI 10.1080/14792779943000116, https://doi.org/10.1080/14792779943000116]
[4]   PERSONAL CONTACT, INDIVIDUATION, AND THE BETTER-THAN-AVERAGE EFFECT [J].
ALICKE, MD ;
KLOTZ, ML ;
BREITENBECHER, DL ;
YURAK, TJ ;
VREDENBURG, DS .
JOURNAL OF PERSONALITY AND SOCIAL PSYCHOLOGY, 1995, 68 (05) :804-825
[5]  
Ament C., 2017, P PAC AS C INF SYST
[6]  
[Anonymous], 2017, ARS TECHNICA
[7]  
[Anonymous], 2002, American Psychologist, DOI [DOI 10.1037/0003-066X.57.12.1060, 10.1037/0003066x.57.12.1060]
[8]   Nudge your Workforce: A Study on the Effectiveness of Task Notification Strategies in Enterprise Mobile Crowdsourcing [J].
Bashirieh, Sarah ;
Mesbah, Sepideh ;
Redi, Judith ;
Bozzon, Alessandro ;
Szlavik, Zoltan ;
Sips, Robert-Jan .
PROCEEDINGS OF THE 25TH CONFERENCE ON USER MODELING, ADAPTATION AND PERSONALIZATION (UMAP'17), 2017, :4-12
[9]   The Effect of Providing Peer Information on Retirement Savings Decisions [J].
Beshears, John ;
Choi, James J. ;
Laibson, David ;
Madrian, Brigitte C. ;
Milkman, Katherine L. .
JOURNAL OF FINANCE, 2015, 70 (03) :1161-1201
[10]  
Blythe J. M., 2015, P 11 USENIX C USABLE, P103
123456