Encouraging users to behave securely: Examining the influence of technical, managerial, and educational controls on users' secure behavior

Jeffrey L. Jenkins, Alexandra Durcikova, Grayson Ross, Jay F. Nunamaker

Research output: Chapter in Book/Report/Conference proceedingConference contribution

8 Scopus citations

Abstract

The human is frequently referred to as the weakest link of security. Employees who engage in behaviors contrary to their organization's security policy often cause undesirable outcomes. This research presents a dual-processing model explaining and predicting secure behavior in relation to password policies. The model posits that the number of password security layers (technical controls), training (educational controls), and manager attitude toward secure behavior (managerial controls) influence secure behavior directly and also indirectly through security policy satisfaction. An experiment was designed to test our model utilizing a realistic corporate environment that captures users' security policy compliance. The results show that the combination of low technical controls and the presence of training significantly increase new employees' compliance with the security policy. Positive managerial controls and low technical controls increase satisfaction with the security policy; however, satisfaction with the security policy was not significantly related to secure behavior for new employees.

Original languageEnglish (US)
Title of host publicationICIS 2010 Proceedings - Thirty First International Conference on Information Systems
StatePublished - Dec 1 2010
Event31st International Conference on Information Systems, ICIS 2010 - Saint Louis, MO, United States
Duration: Dec 12 2010Dec 15 2010

Publication series

NameICIS 2010 Proceedings - Thirty First International Conference on Information Systems

Other

Other31st International Conference on Information Systems, ICIS 2010
CountryUnited States
CitySaint Louis, MO
Period12/12/1012/15/10

Keywords

  • Compliance
  • Dual-processing
  • Expectancy value theory
  • Information system security
  • Password policy
  • Secure behavior
  • Security policy
  • Yield shift theory

ASJC Scopus subject areas

  • Information Systems

Fingerprint Dive into the research topics of 'Encouraging users to behave securely: Examining the influence of technical, managerial, and educational controls on users' secure behavior'. Together they form a unique fingerprint.

  • Cite this

    Jenkins, J. L., Durcikova, A., Ross, G., & Nunamaker, J. F. (2010). Encouraging users to behave securely: Examining the influence of technical, managerial, and educational controls on users' secure behavior. In ICIS 2010 Proceedings - Thirty First International Conference on Information Systems (ICIS 2010 Proceedings - Thirty First International Conference on Information Systems).