Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders

Cited by: 103
Authors
Posey, Clay [1]
Roberts, Tom L. [2]
Lowry, Paul Benjamin [3]
Hightower, Ross T. [4]
Affiliations
[1] Univ Alabama, Culverhouse Coll Commerce, Dept Informat Syst Stat & Management Sci, Tuscaloosa, AL 35487 USA
[2] Louisiana Tech Univ, Coll Business, Sch Accounting & Informat Syst, Ruston, LA 71272 USA
[3] City Univ Hong Kong, Coll Business, Dept Informat Syst, Hong Kong, Hong Kong, Peoples R China
[4] Univ Wisconsin, Lubar Sch Business, Univ Competence Ctr, Milwaukee, WI 53201 USA
Keywords
Behavioral information security; Risk assessment; Qualitative analysis; Organizational insiders; Security professionals; Protection motivation theory; PROTECTION-MOTIVATION THEORY; FEAR APPEALS; POLICY COMPLIANCE; SYSTEMS SECURITY; COMPUTER CRIME; SELF-EFFICACY; MODEL; RISK; DETERRENCE; MANAGEMENT
DOI
10.1016/j.im.2014.03.009
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Organizational insiders have considerable influence on the effectiveness of information security efforts. However, most research conducted in this area fails to examine what these individuals believe about organizational security efforts. To help bridge this gap, this study assesses the mindset of insiders regarding their relationship with information security efforts and compares it against the mindset of information security professionals. Interviews were conducted with 22 ordinary insiders and 11 information security professionals, an effort that provides insight into how insiders gauge the efficacy of recommended responses to information security threats. Several key differences between insiders' and professionals' security mindsets are also discussed. (C) 2014 Elsevier B.V. All rights reserved.
Pages: 551-567
Number of pages: 17