Nudge to Promote Employees' Information Security Compliance Behavior: A Field Study

被引:0
|
作者
Inaba, Midori [1 ]
Terada, Takeaki [2 ,3 ]
机构
[1] Inst Informat Secur, Yokohama, Kanagawa, Japan
[2] Fujitsu Ltd, Kawasaki, Kanagawa, Japan
[3] Nagasaki Univ, Nagasaki, Japan
来源
2023 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR | 2023年
关键词
nudge; security behavior; information security policy; compliance; security patch application; POLICY COMPLIANCE; IMPACT; ORGANIZATIONS; DETERRENCE;
D O I
10.1109/CSR57506.2023.10224994
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This field study performed an experiment to observe practical effects of a nudge on facilitating employees' security compliance in one company's department. We examined if the nudges speeded up the employees' manual implication of applying the security patch to all their devices, which constituted a security compliance behavior in the experimental environment. Each employee was provided with one of three types of nudges informing the state of others: informing about the progress of general employees with a similar number of devices, informing about the progress of one's working team members, and providing information regarding both. As a result, providing information regarding both uniformly accelerated their patching behaviors although providing only team information severely delayed these behaviors. This study indicates the potential of a nudge as a security management intervention and showcases its effective design.
引用
收藏
页码:335 / 340
页数:6
相关论文
共 50 条
  • [21] Digital Workplaces and Information Security Behavior of Business Employees: An Empirical Study of Saudi Arabia
    Saeed, Saqib
    SUSTAINABILITY, 2023, 15 (07)
  • [22] Information Security Culture Dimensions in Information Security Policy Compliance Study: A Review
    Nasir, Akhyari
    Arshah, Ruzaini Abdullah
    ADVANCED SCIENCE LETTERS, 2018, 24 (02) : 943 - 946
  • [23] Toward a stage theory of the development of employees' information security behavior
    Karjalainen, Mari
    Siponen, Mikko
    Sarker, Suprateek
    COMPUTERS & SECURITY, 2020, 93
  • [24] Information Security Behavior among Employees from the Islamic Perspective
    Barzak, Omar
    Molok, Nurul Nuha Abdul
    Talib, Shuhaili
    Mahmud, Murni
    2016 6TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION TECHNOLOGY FOR THE MUSLIM WORLD (ICT4M), 2016, : 211 - 215
  • [25] Information Security Behavior and Information Security Policy Compliance: A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance
    Ali, Rao Faizan
    Dominic, P. D. D.
    Ali, Syed Emad Azhar
    Rehman, Mobashar
    Sohail, Abid
    APPLIED SCIENCES-BASEL, 2021, 11 (08):
  • [26] Understanding employees' information security-related stress and policy compliance intention: the roles of information security fatigue and psychological capital
    Chen, Hao
    Liu, Mengya
    Lyu, Tu
    INFORMATION AND COMPUTER SECURITY, 2022, 30 (05) : 751 - 770
  • [27] Not all information security-related stresses are equal: the effects of challenge and hindrance stresses on employees' compliance with information security policies
    Chen, Hao
    Hai, Yuge
    Tu, Lyu
    Fan, Jiajia
    BEHAVIOUR & INFORMATION TECHNOLOGY, 2023, 43 (16) : 3939 - 3954
  • [28] Employees' adherence to information security policies: An empirical study
    Siponen, Mikko
    Pahnila, Seppo
    Mahmood, Adam
    NEW APPROACHES FOR SECURITY, PRIVACY AND TRUST IN COMPLEX ENVIRONMENTS, 2007, 232 : 133 - +
  • [29] Examining technostress creators and role stress as potential threats to employees' information security compliance
    Hwang, Inho
    Cha, Oona
    COMPUTERS IN HUMAN BEHAVIOR, 2018, 81 : 282 - 293
  • [30] The Formulation of Comprehensive Information Security Culture Dimensions for Information Security Policy Compliance Study
    Nasir, Akhyari
    Arshah, Ruzaini Abdullah
    Ab Hamid, Mohd Rashid
    ADVANCED SCIENCE LETTERS, 2018, 24 (10) : 7690 - 7695
12345