Abstract

The growing number of information security breaches in organisations presents a serious risk to the confidentiality of personal and commercially sensitive data. Current research studies indicate that humans are the weakest link in the information security chain and the root cause of numerous security incidents in organisations. Based on literature gaps, this study investigates how procedural security countermeasures tend to affect employee security behaviour. Data for this study was collected in organisations located in the United States and Ireland. Results suggest that procedural security countermeasures are inclined to promote security-cautious behaviour in organisations, while their absence tends to lead to non-compliant behaviour.

Recommended Citation

Connolly, L., Lang, M., & Tygar, D. (2017). The Impact of Procedural Security Countermeasures on Employee Security Behaviour: A Qualitative Study. In Paspallis, N., Raspopoulos, M. Barry, M. Lang, H. Linger, & C. Schneider (Eds.), Information Systems Development: Advances in Methods, Tools and Management (ISD2017 Proceedings). Larnaca, Cyprus: University of Central Lancashire Cyprus. ISBN: 978-9963-2288-3-6. http://aisel.aisnet.org/isd2014/proceedings2017/Security/4.

Paper Type

Event

Share

COinS
 

The Impact of Procedural Security Countermeasures on Employee Security Behaviour: A Qualitative Study

The growing number of information security breaches in organisations presents a serious risk to the confidentiality of personal and commercially sensitive data. Current research studies indicate that humans are the weakest link in the information security chain and the root cause of numerous security incidents in organisations. Based on literature gaps, this study investigates how procedural security countermeasures tend to affect employee security behaviour. Data for this study was collected in organisations located in the United States and Ireland. Results suggest that procedural security countermeasures are inclined to promote security-cautious behaviour in organisations, while their absence tends to lead to non-compliant behaviour.