Yuryna Connolly, A orcid.org/0000-0002-7110-9594, Lang, M, Gathegi, J et al. (1 more author) (2017) Organisational Culture, Procedural Countermeasures, and Employee Security Behaviour: A Qualitative Study. Information and Computer Security, 25 (2). pp. 118-136. ISSN 2056-4961
Abstract
Purpose: This paper provides new insights about security behaviour in selected U.S. and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues.
Design/methodology/approach: This paper builds on general deterrence theory and prior organisational culture literature. The methodology adapted for this study draws on the analytical grounded theory approach employing a constant comparative method.
Findings: This paper demonstrates that procedural security countermeasures and organisational culture tend to affect security behaviour in organisational settings.
Research limitations/implications: This paper fills the void in information security research and takes its place amongst the very few studies that focus on behavioural as opposed to technical issues.
Practical implications: This paper highlights the important role of procedural security countermeasures, information security awareness, and organisational culture in managing illicit behaviour of employees.
Social implications:
Originality/value: This study extends general deterrence theory in a novel way by including information security awareness in the research model and by investigating both negative and positive behaviours.
Metadata
Item Type: | Article |
---|---|
Authors/Creators: |
|
Copyright, Publisher and Additional Information: | (c) 2017, Emerald. This is an author produced version of a paper published in Information and Computer Security. Uploaded in accordance with the publisher's self-archiving policy. |
Keywords: | Employee Security Behaviour, Organisational Culture, Information Security Policy, Security Education, Information Security Awareness |
Dates: |
|
Institution: | The University of Leeds |
Academic Units: | The University of Leeds > Faculty of Education, Social Sciences and Law (Leeds) > School of Law (Leeds) |
Depositing User: | Symplectic Publications |
Date Deposited: | 07 Apr 2017 10:34 |
Last Modified: | 19 Feb 2019 13:29 |
Status: | Published |
Publisher: | Emerald |
Identification Number: | 10.1108/ICS-03-2017-0013 |
Open Archives Initiative ID (OAI ID): | oai:eprints.whiterose.ac.uk:114696 |