Nudge to Promote Employees' Information Security Compliance Behavior: A Field Study

被引:0
|
作者
Inaba, Midori [1 ]
Terada, Takeaki [2 ,3 ]
机构
[1] Inst Informat Secur, Yokohama, Kanagawa, Japan
[2] Fujitsu Ltd, Kawasaki, Kanagawa, Japan
[3] Nagasaki Univ, Nagasaki, Japan
来源
2023 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR | 2023年
关键词
nudge; security behavior; information security policy; compliance; security patch application; POLICY COMPLIANCE; IMPACT; ORGANIZATIONS; DETERRENCE;
D O I
10.1109/CSR57506.2023.10224994
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
This field study performed an experiment to observe practical effects of a nudge on facilitating employees' security compliance in one company's department. We examined if the nudges speeded up the employees' manual implication of applying the security patch to all their devices, which constituted a security compliance behavior in the experimental environment. Each employee was provided with one of three types of nudges informing the state of others: informing about the progress of general employees with a similar number of devices, informing about the progress of one's working team members, and providing information regarding both. As a result, providing information regarding both uniformly accelerated their patching behaviors although providing only team information severely delayed these behaviors. This study indicates the potential of a nudge as a security management intervention and showcases its effective design.
引用
收藏
页码:335 / 340
页数:6
相关论文
共 50 条
  • [31] Sustainable Information Security Behavior Management: An Empirical Approach for the Causes of Employees' Voice Behavior
    Lee, Woo Jin
    Hwang, Inho
    SUSTAINABILITY, 2021, 13 (11)
  • [32] Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees
    Rao Faizan Ali
    P. D. D. Dominic
    Sadaf Hina
    Sheraz Naseer
    International Journal of Information Security, 2024, 23 : 1197 - 1213
  • [33] Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees
    Ali, Rao Faizan
    Dominic, P. D. D.
    Hina, Sadaf
    Naseer, Sheraz
    INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 2024, 23 (02) : 1197 - 1213
  • [34] Information security policy compliance: a replication study in Ethiopia
    Aebissa, Berhanu
    Dhillon, Gurpreet
    Meshesha, Million
    INFORMATION AND COMPUTER SECURITY, 2024,
  • [35] Promoting Information Security Policy Compliance - An Empirical Study
    Li, Lei
    Han, Meng
    AMCIS 2020 PROCEEDINGS, 2020,
  • [36] Nudge interventions needed to promote healthy diet among employees with physical work and employees not eating in a staff restaurant
    Rantala, Eeva
    Pentikainen, Saara
    Absetz, Pilvikki
    Tilles-Tirkkonen, Tanja
    Kolehmainen, Marjukka
    Pihlajamaki, Jussi
    Poutanen, Kaisa
    Karhunen, Leila
    PROCEEDINGS OF THE NUTRITION SOCIETY, 2020, 79 (OCE2) : E107 - E107
  • [37] Does Leadership Approach Matter? Examining Behavioral Influences of Leaders on Employees' Information Security Compliance
    Tejay, Gurvirender P. S.
    Winkfield, Marcus
    INFORMATION SYSTEMS FRONTIERS, 2025,
  • [38] Sanction severity and employees' information security policy compliance: Investigating mediating, moderating, and control variables
    Chen, Xiaofeng
    Wu, Dazhong
    Chen, Liqiang
    Teng, Joe K. L.
    INFORMATION & MANAGEMENT, 2018, 55 (08) : 1049 - 1060
  • [39] Understanding the Incentive Mechanism of Penalty for Information Security Policy Compliance Behavior
    Wang, Xiaolong
    Li, Wenli
    2018 7TH INTERNATIONAL CONFERENCE ON SOCIAL SCIENCE, EDUCATION AND HUMANITIES RESEARCH (SSEHR 2018), 2018, : 19 - 25
  • [40] Using the Theory of Interpersonal Behavior to predict Information Security Policy Compliance
    Chin, Won Yoon
    Chua, Hui Na
    2021 EIGHT INTERNATIONAL CONFERENCE ON EDEMOCRACY & EGOVERNMENT (ICEDEG), 2021, : 80 - 87
12345