Roles of Information Security Awareness and Perceived Fairness in Information Security Policy Compliance
Drawing on the Theory of Planned Behavior (TPB), this research investigates two factors that drive an employee to comply with requirements of the information security policy (ISP) of her organization with regards to protecting information and technology resources: an employee's information security awareness (ISA) and her perceived fairness of the requirements of the ISP. Our results, which are based on the PLS analysis of data collected from 464 participants, show that ISA and perceived fairness positively affect attitude, and in turn attitude positively affects intention to comply. ISA also has an indirect impact on attitude since it positively influences perceived fairness. As organizations strive to get their employees to follow their information security rules and regulations, our study sheds light on the role of an employee's ISA and procedural fairness with regards to security rules and regulations in the workplace.
The impact of an employee's psychological contract breach on compliance with information security policies: intrinsic and extrinsic motivation
Despite the rapid rise in social engineering attacks, not all employees are
as compliant with information security policies (ISPs) to the extent that
organisations expect them to be. ISP non-compliance is caused by a variety of
psychological motivations. This study investigates the effect of psychological
contract breach (PCB) of employees on ISP compliance intention (ICI) by
dividing them into intrinsic and extrinsic motivation using the theory of
planned behaviour (TPB) and the general deterrence theory (GDT). Data analysis
from UK employees (n=206) showed that the higher the PCB, the lower
the ICI. The study also found that PCBs significantly reduced intrinsic
motivation (attitude and perceived fairness) for ICI, whereas PCBs did not
moderate the relationship between extrinsic motivation (sanction severity and
sanctions certainty) and ICI. As a result, this study successfully addresses
the risks of PCBs in the field of IS security and proposes effective solutions
for employees with high PCBs. Comment: 27 pages, 3 figures
Information Security Policy Compliance in SMEs
In the paper we examined attitudes, intent and adherence to information
security policies and procedures in SMEs in Slovakia. Data were collected from the
employees of several SMEs in the Slovak Republic. Not all enterprises have established
information security policies and procedures. Only 443 respondents (from 722) worked
in an SME that had formulated an information security policy. The impact of the size of
enterprises and of age on the measured variables has not been shown. IT-related jobs,
managerial posts and the education level of the respondents have shown a significant impact in
the evaluation of attitudes, intentions and adherence to information security policies and
procedures. Among statistical methods, we use the maximum-likelihood estimation of the
polychoric correlation coefficient. The calculations have been carried out in the R statistical
programming environment.
Examining Employee Social Media Deviance: A Psychological Contract Breach Perspective
With the prevalence of social media, employees' deviant behaviors on social media can go viral and result in unpredictable negative outcomes beyond the workplace. This paper investigates the relationship between abusive supervision and employee social media deviance from the theoretical perspective of psychological contract breach (PCB), and examines the moderating role of social media controls. Building on prior studies of abusive supervision and employee workplace deviance, this paper argues that abusive supervision plays a crucial motivational role in triggering employee social media deviance. Our results demonstrate that employees who experience abusive supervision are more likely to perceive PCB, and thus engage in social media deviance. User awareness of social media policy and informal sanctions can weaken the positive relationship between employee perceived PCB and social media deviance.
CEPS Task Force on Artificial Intelligence and Cybersecurity Technology, Governance and Policy Challenges Task Force Evaluation of the HLEG Trustworthy AI Assessment List (Pilot Version). CEPS Task Force Report 22 January 2020
The Centre for European Policy Studies launched a Task Force on Artificial Intelligence (AI) and
Cybersecurity in September 2019. The goal of this Task Force is to bring attention to the market,
technical, ethical and governance challenges posed by the intersection of AI and cybersecurity,
focusing both on AI for cybersecurity but also cybersecurity for AI. The Task Force is multi-stakeholder
by design and composed of academics, industry players from various sectors, policymakers and civil
society.
The Task Force is currently discussing issues such as the state and evolution of the application of AI
in cybersecurity and cybersecurity for AI; the debate on the role that AI could play in the dynamics
between cyber attackers and defenders; the increasing need for sharing information on threats and
how to deal with the vulnerabilities of AI-enabled systems; options for policy experimentation; and
possible EU policy measures to ease the adoption of AI in cybersecurity in Europe.
As part of such activities, this report aims at assessing the High-Level Expert Group (HLEG) on AI Ethics
Guidelines for Trustworthy AI, presented on April 8, 2019. In particular, this report analyses and
makes suggestions on the Trustworthy AI Assessment List (Pilot version), a non-exhaustive list aimed
at helping the public and the private sector in operationalising Trustworthy AI. The list is composed
of 131 items that are supposed to guide AI designers and developers throughout the process of
design, development, and deployment of AI, although not intended as guidance to ensure
compliance with the applicable laws. The list is in its piloting phase and is currently undergoing a
revision that will be finalised in early 2020.
This report would like to contribute to this revision by addressing in particular the interplay between
AI and cybersecurity. This evaluation has been made according to specific criteria: whether and how
the items of the Assessment List refer to existing legislation (e.g. GDPR, EU Charter of Fundamental
Rights); whether they refer to moral principles (but not laws); whether they consider that AI attacks
are fundamentally different from traditional cyberattacks; whether they are compatible with
different risk levels; whether they are flexible enough in terms of clear/easy measurement,
implementation by AI developers and SMEs; and overall, whether they are likely to create obstacles
for the industry.
The HLEG is a diverse group, with more than 50 members representing different stakeholders, such
as think tanks, academia, EU Agencies, civil society, and industry, who were given the difficult task of
producing a simple checklist for a complex issue. The public engagement exercise looks successful
overall in that more than 450 stakeholders have signed in and are contributing to the process.
The next sections of this report present the items listed by the HLEG followed by the analysis and
suggestions raised by the Task Force (see list of the members of the Task Force in Annex 1).
Factors that Affect the Success of Security Education, Training, and Awareness Programs: A Literature Review
Preventing IT security incidents poses a great challenge for organizations. Today, senior managers allocate more resources to IT security programs (especially those programs that focus on educating and training employees) in order to reduce human misbehavior, a significant cause of IT security incidents. Building on the results of a literature review, we identify factors that affect the success of security education, training, and awareness (SETA) programs and organize them in a conceptual classification. The classification contains human influencing factors derived from different behavioral, decision making, and criminology theories that lead to IT security compliance and noncompliance. The classification comprehensively summarizes these factors and shows the correlations between them. The classification can help one to design and develop SETA programs and to establish suitable conditions for integrating them into organizations.
Integrating Cognition with an Affective Lens to Better Understand Information Security Policy Compliance
Information systems security behavioral research has primarily focused on individual cognitive processes and their impact on information security policy noncompliance. However, affective processes (operationalized by affective absorption and affective flow) may also significantly contribute to misuse or information security policy noncompliance. Our research study evaluated the impact of affective absorption (i.e., the trait or disposition to allow one's emotions to drive decision-making) and affective flow (i.e., a state of immersion with one's emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. Our conceptual model was evaluated using a laboratory research design. We found that individuals who were frustrated by work-related tasks experienced negative affective flow and violated information security policies. Furthermore, perceptions of organizational injustice increased negative affective flow. Our findings underscore the need for understanding affective processes as well as cognitive processes which may lead to a more holistic understanding regarding information security policy compliance.
The Role of Abusive Supervision and Interactional Justice in Employee Information Security Policy Noncompliance Intention
Employee information security noncompliance behaviors may ruin an organization's reputation; thus, much scholarly effort has been devoted to reducing deviating behaviors in organizations. We attempt to determine what motivations may contribute to the formation of employees' noncompliance behavioral intentions. The proposed research model links the relationship between abusive supervision and policy noncompliance intention in an information security context. Drawing on organizational justice research, this work explores the role of abusive supervision in employees' noncompliance with information security policy from an interactional justice perspective and further proposes that the effect of interactional justice on noncompliance intention is moderated by the certainty and severity of sanctions based on general deterrence theory. We present a theoretical foundation for this investigation and an empirical design for exploring this research question. We also propose a plan for a research design and data collection, with results to be presented in the future.