Keeping secure to the end: a long-term perspective to understand employees' consequence-delayed information security violation.
In: Behaviour & Information Technology, Jg. 38 (2019-05-01), Heft 5, S. 435-453
academicJournal
Zugriff:
Employees' violation of information security policies is a major threat to an organisation. Some violations such as using an easy-to-guess password or storing confidential data on personal unencrypted flash drives usually do not cause immediate harm; instead, these actions create security flaws that can be attacked in the future and cause delayed consequences. We call such behaviour consequence-delayed information security violation (CDISV). The ignorance or denial of the possible delayed consequences is the main reason employees engage in such insecure behaviour. Due to the delay between the action and the consequence, a long-term mindset could play an important role in employees' current decision-making. Specifically, in this study, we propose that long-term orientation is an influential factor in decreasing CDISV. The long-term orientation includes three dimensions: continuity, futurity, and perseverance. In addition, based on the stewardship theory and the needs theory, we further propose that value identification and the fulfilment of higher-order needs (trusted relationship and growth) are important drivers for employees to have a long-term orientation. We collected survey data using the 170 responses we received from a global company's employees. The empirical results support our arguments. Our findings provide implications to organisations to encourage employees' information security behaviours. [ABSTRACT FROM AUTHOR]
Copyright of Behaviour & Information Technology is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Titel: |
Keeping secure to the end: a long-term perspective to understand employees' consequence-delayed information security violation.
|
---|---|
Autor/in / Beteiligte Person: | Li, Ying ; Zhang, Nan ; Siponen, Mikko |
Zeitschrift: | Behaviour & Information Technology, Jg. 38 (2019-05-01), Heft 5, S. 435-453 |
Veröffentlichung: | 2019 |
Medientyp: | academicJournal |
ISSN: | 0144-929X (print) |
DOI: | 10.1080/0144929X.2018.1539519 |
Schlagwort: |
|
Sonstiges: |
|