Could employees see themselves as or identify as cybersecurity end-users? What are the benefits, and how does it work?
Published: Computers & Security https://doi.org/10.1016/j.cose.2021.102340
Author: Obi Ogbanufe
Managing employee behaviors is a continuous quest for management. The quest is even more intense in the cybersecurity space, where a seemingly small unintentional activity could destabilize an organization’s network.
"Given the seriousness of information security for organizations, and the study’s results highlighting that individuals can build an identity with the information security role, perhaps it is time for organizations to recognize employees as information security end-users, security protection users, policy adherents, even security enthusiasts."
Abstract
Managing employee behaviors is a continuous quest for management. The quest is even more intense in the information security space, where a seemingly unintentional activity could have a consequential effect on an organization’s security. The information security literature has used many theoretical approaches to explain how to regulate employee security behaviors, including protection motivation and deterrence. However, a theoretical approach that has captured the focus in organizational literature for behavioral regulation and yet to be realized in the information security domain is work-related identities. Work-related identity regulation depends on settings and situations in which the individual is embedded. This study draws from the identity theory and information security literature to explore how factors in the information security setting (security threats, security policy, and organizational
support) help foment work-related information security identity and security behaviors. Our
findings show that these factors significantly increase the user’s identification in their roles
in information security, and in turn, security behaviors. #cyberrisk, #cyberenthusiat, #cybersecuritybehaviors, #cyberidentity, #cybersecurityroleidentity
Building a cybersecurity identity
Research question: what factors in the information security setting drive how users identify with the information security role?
Comments