Developing a Viral Artifact to Improve Employees’ Security Behavior
Authors: Stefan Bauer, Josef Frysak
Abstract:
According to the scientific information management literature, the improper use of information technology (e.g. personal computers) by employees are one main cause for operational and information security loss events. Therefore, organizations implement information security awareness programs to increase employees’ awareness to further prevention of loss events. However, in many cases these information security awareness programs consist of conventional delivery methods like posters, leaflets, or internal messages to make employees aware of information security policies. We assume that a viral information security awareness video might be more effective medium than conventional methods commonly used by organizations. The purpose of this research is to develop a viral video artifact to improve employee security behavior concerning information technology.
Keywords: Information Security Awareness, Delivery Methods, Viral Videos, Employee Security Behavior.
Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1094161
Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1751References:
[1] ORX, "Operational Risk Loss Report 2012," Operational Risk eXchange Association2013.
[2] S. Jahner and H. Krcmar, "Beyond Technical Aspects of Information Security: Risk Culture as a Success Factor for IT Risk Management," in Americas Conference on Information Systems (11th AMCIS), Omaha, NE, 2005.
[3] M. Warkentin and R. Willison, "Behavioral and policy issues in information systems security: the insider threat," European Journal of Information Systems, vol. 18, pp. 101-105, 2009.
[4] A. J.-T. Chang and Q.-J. Yeh, "On security preparations against possible IS threats across industries," Information Management & Computer Security, vol. 14, pp. 343-360, 2006.
[5] S. Bauer, E. W. N. Bernroider, and K. Chudzikowski, "End User Information Security Awareness Programs for Improving Information Security in Banking Organizations: Preliminary Results from an Exploratory Study," in AIS SIGSEC Workshop on Information Security & Privacy (WISP2013), Milano, 2013.
[6] R. S. Shaw, C. C. Chen, A. L. Harris, and H.-J. Huang, "The impact of information richness on information security awareness training effectiveness," Computers & Education, vol. 52, pp. 92-100, 2009.
[7] M. Siponen and A. Vance, "Neutralization: New Insights into the Problem of Employee Information Systems Security Policy Violations," MIS Quarterly, vol. 34, pp. 487-502, 2010.
[8] M. Warkentin, D. Straub, and K. Malimage, "Featured Talk: Measuring Secure Behavior: A Research Commentary," presented at the Annual Symposium of Information Assurance & Secure Knowledge Management, Albany, NY, 2012.
[9] R. Ferguson, "Word of mouth and viral marketing: taking the temperature of the hottest trends in marketing," Journal of Consumer Marketing, vol. 25, pp. 179-182, 2008.
[10] K. Nelson-Field, E. Riebe, and K. Newstead, "The emotions that drive viral video," Australasian Marketing Journal (AMJ), vol. 21, pp. 205-211, 2013.
[11] R. D. Waters and P. M. Jones, "Using Video to Build an Organization's Identity and Brand: A Content Analysis of Nonprofit Organizations' YouTube Videos," Journal of Nonprofit & Public Sector Marketing, vol. 23, pp. 248-268, 2011.
[12] A. Dobele, A. Lindgreen, M. Beverland, J. Vanhamme, and R. van Wijk, "Why pass on viral messages? Because they connect emotionally," Business Horizons, vol. 50, pp. 291-304, 2007.
[13] P. Ifinedo, "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory," Computers & Security, vol. 31, pp. 83-95, 2012.
[14] R. E. Guadagno, D. M. Rempala, S. Murphy, and B. M. Okdie, "What makes a video go viral? An analysis of emotional contagion and Internet memes," Computers in Human Behavior, vol. 29, pp. 2312-2319, 2013.
[15] S.-P. Oriyano and R. Shimonski, "Mobile Attacks," Client-Side Attacks and Defense, pp. 223-241, 2012.
[16] T. Sommestad and J. Hallberg, "A review of the theory of planned behaviour in the context of information security policy compliance," in International Information Security and Privacy Conference, 2013.
[17] S. Bauer and E. W. N. Bernroider, "An Analysis of the Combined Influences of Neutralization and Planned Behavior on Desirable Information Security Behavior," presented at the 13th Annual Security Conference, Las Vegas, 2014.
[18] J. Webster and R. T. Watson, "Analyzing the Past to Prepare for the Future: Writing a Literature Review," MIS Quarterly, vol. 26, pp. xiii-xxiii, 2002.
[19] A. Hevner and S. Chatterjee, Design Research in Information Systems: Springer, 2010.
[20] K. Peffers, T. Tuunanen, M. Rothenberger, and S. Chatterjee, "A Design Science Research Methodology for Information Systems Research," Journal of Management Information Systems, vol. 24, pp. 45-78, 2007.
[21] E. Albrechtsen and J. Hovden, "Improving information security awareness and behaviour through dialogue, participation and collective reflection. An intervention study," Computers & Security, vol. 29, pp. 432-445, 2010.
[22] M. Sarstedt, C. M. Ringle, and J. F. Hair, "PLS-SEM: Indeed a Silver Bullet," The Journal of Marketing Theory and Practice, vol. 19, pp. 139-152, 2011.