An investigation of employee security behaviour in organisational settings: the effect of procedural security countermeasures and cultural factors
MetadataShow full item record
This item's downloads: 1259 (view details)
An increasing number of information security breaches in organisations presents a serious threat to the security of personal and commercially sensitive information. Recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches. This dissertation draws on the General Deterrence Theory and prior research on organisational and national culture and examines how procedural security countermeasures, including security education and an information security policy, and cultural factors affect employee security behaviour in organisational settings. In particular, this research project answers the following questions: • How do security countermeasures affect employee security behaviour in organisational settings? • How does perceived organisational culture affect employee security behaviour in organisational settings? • How does perceived national culture affect employee security behaviour in organisational settings? Data for this research project were collected from 19 individuals, nine from organisations located in the United States and ten in Ireland, through qualitative interviews. Organisations and study participants were purposely selected. The principle of theoretical sampling guided data collection. Study’s findings demonstrate that procedural security countermeasures, including security education and an information security policy, tend to lead to compliant behaviour. Furthermore, organisational culture values of solidarity and people-orientation incline to promote compliance with information security requirements, while sociability and task-orientation lean towards non-compliant behaviour. Additionally, flat structure is associated with the improved information security in organisations because employees are empowered to bring up various issues related to information security. Finally, comparative analysis suggests differences in two data sets. In particular, employees in observed organisations located in the United States tend to be more compliant with information security rules than their counterparts from observed organisations located in Ireland. Further, group non-compliance is a more prevalent occurrence in observed organisations located in Ireland as opposed to observed cases located in the United States. Finally, it appears that employees in observed organisations located in the United States tend to put higher emphasis on information security value than employees in observed cases located in Ireland.
This item is available under the Attribution-NonCommercial-NoDerivs 3.0 Ireland. No item may be reproduced for commercial purposes. Please refer to the publisher's URL where this is made available, or to notes contained in the item itself. Other terms may apply.
The following license files are associated with this item:
Showing items related by title, author, creator and subject.
Ranganathan, Mohan Krishna; Kilmartin, Liam (Elsevier BV, 2003-04-01)
Raducan, Iliaru; Corcoran, Peter (IEEE, 2012)Cloud computing suggests that we can move computers from the desktop onto the network. In this article, we investigate whether we can do the same with digital imaging devices. After all, for most of us, the practical ...
Connolly, Lena; Lang, Michael (2012)The proliferation of information in modern society, as enabled by technologies such as portable personal devices, social media, and 'cloud'-based services, presents a potentially serious threat to individual privacy and ...