Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/in-their-own-words-employee-attitudes-towards-information-security-E43M6Qtw0V
References (25)
-
D. Ashenden (2017)
What Do They Really Think? Overcoming Social Acceptability Bias in Information Security Research -
D. Ashenden, D. Lawrence (2013)
Can we sell security like soap?: a new approach to behaviour change -
J. Stanton, K. Stam, Paul Mastrangelo, Jeffrey Jolton (2005)
Analysis of end user security behaviorsComput. Secur., 24
-
Users are not the enemy
Communications of the, 42
-
P. Adamson, J. Caple (1996)
The training and development audit evolves: is your training and development budget wasted?Journal of European Industrial Training, 20
-
M. Hunter, J. Beck (2000)
Using Repertory Grids to Conduct Cross-Cultural Information Systems ResearchInf. Syst. Res., 11
-
M. Pattinson, K. Parsons, M. Butavicius, Agata McCormac, D. Calic (2016)
Assessing information security attitudes: a comparison of two studiesInf. Comput. Secur., 24
-
F. Fransella, R. Bell, D. Bannister (1977)
A manual for repertory grid technique -
I. Kirlappos, M. Sasse (2012)
Security Education against Phishing: A Modest Proposal for a Major RethinkIEEE Security & Privacy, 10
-
M. Easterby-Smith, R. Thorpe, D. Holman (1996)
Using repertory grids in managementJournal of European Industrial Training, 20
-
D. Ashenden, A. Sasse (2013)
CISOs and organisational culture: Their own worst enemy?Comput. Secur., 39
-
Mitchell Kajzer, J. D'Arcy, C. Crowell, A. Striegel, D. Bruggen (2014)
An exploratory investigation of message-person congruence in information security awareness campaignsComput. Secur., 43
-
Fatema Kawaf, S. Tagg (2017)
The construction of online shopping experience: A repertory grid approachComput. Hum. Behav., 72
-
Seppo Pahnila, M. Siponen, M. Mahmood (2007)
Employees' Behavior towards IS Security Policy Compliance2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07)
-
D. Jankowicz (2003)
The Easy Guide to Repertory Grids -
Andrew Kotulic, J. Clark (2004)
Why there aren't more information security research studiesInf. Manag., 41
-
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
-
J. Potter, M. Wetherell (1987)
Discourse and Social Psychology: Beyond Attitudes and Behaviour -
Cormac Herley (2009)
So long, and no thanks for the externalities: the rational rejection of security advice by users -
G. Kelly (2005)
George Alexander Kelly: The Man and his Theory -
A. Adams, M. Sasse (1999)
Users are not the enemyCommun. ACM, 42
-
M. Augoustinos, I. Walker, N. Donaghue (1996)
Social Cognition: An Integrated Introduction -
Liisa Myyry, M. Siponen, Seppo Pahnila, Tero Vartiainen, Anthony Vance (2009)
What levels of moral reasoning and values explain adherence to information security rules? An empirical studyEuropean Journal of Information Systems, 18
-
E. Albrechtsen (2007)
A qualitative study of users' view on information securityComput. Secur., 26
-
The first stage of analysis was to look at the response to the elements. The responses to the elements came from the interviewees and were captured in the recording of the interviews
- Publisher
- Emerald Publishing
- Copyright
- Copyright © Emerald Group Publishing Limited
- ISSN
- 2056-4961
- DOI
- 10.1108/ICS-04-2018-0042
- Publisher site
- See Article on Publisher Site
Abstract
PurposeThe purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research.Design/methodology/approachThe study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey.FindingsThe results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought the that organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks.Research limitations/implicationsThe survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation.Originality/valueThe literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.
Journal
Information and Computer Security – Emerald Publishing
Published: Jul 9, 2018