An investigation of employee security behaviour in organisational settings: the effect of procedural security countermeasures and cultural factors
MetadataShow full item record
This item's downloads: 1549 (view details)
An increasing number of information security breaches in organisations presents a serious threat to the security of personal and commercially sensitive information. Recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches. This dissertation draws on the General Deterrence Theory and prior research on organisational and national culture and examines how procedural security countermeasures, including security education and an information security policy, and cultural factors affect employee security behaviour in organisational settings. In particular, this research project answers the following questions: • How do security countermeasures affect employee security behaviour in organisational settings? • How does perceived organisational culture affect employee security behaviour in organisational settings? • How does perceived national culture affect employee security behaviour in organisational settings? Data for this research project were collected from 19 individuals, nine from organisations located in the United States and ten in Ireland, through qualitative interviews. Organisations and study participants were purposely selected. The principle of theoretical sampling guided data collection. Study’s findings demonstrate that procedural security countermeasures, including security education and an information security policy, tend to lead to compliant behaviour. Furthermore, organisational culture values of solidarity and people-orientation incline to promote compliance with information security requirements, while sociability and task-orientation lean towards non-compliant behaviour. Additionally, flat structure is associated with the improved information security in organisations because employees are empowered to bring up various issues related to information security. Finally, comparative analysis suggests differences in two data sets. In particular, employees in observed organisations located in the United States tend to be more compliant with information security rules than their counterparts from observed organisations located in Ireland. Further, group non-compliance is a more prevalent occurrence in observed organisations located in Ireland as opposed to observed cases located in the United States. Finally, it appears that employees in observed organisations located in the United States tend to put higher emphasis on information security value than employees in observed cases located in Ireland.
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivs 3.0 Ireland
Showing items related by title, author, creator and subject.
Enhancing trust in detecting security threats using machine learning approaches and its application in the Internet of Things Mahbooba, Basim (NUI Galway, 2022-12-13)Identifying network attacks is a very crucial task for network security. The increasing amount of network devices is creating a massive amount of data and opening new security vulnerabilities that malicious users can ...
The impact of procedural security countermeasures on employee security behaviour: A qualitative study Connolly, Alena Yuryna; Lang, Michael; Tygar, Doug J. (Association for Information Systems (AIS), 2017-09-08)The growing number of information security breaches in organisations presents a serious risk to the confidentiality of personal and commercially sensitive data. Current research studies indicate that humans are the weakest ...
Organisational culture, procedural countermeasures, and employee security behaviour: A qualitative study Connolly, Lena Yuryna; Lang, Michael; Gathegi, John; Tygar, Doug J. (Emerald, 2017-06-12)Purpose - This paper provides new insights about security behaviour in selected US and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee ...