Encouraging users to behave securely

Examining the influence of technical, managerial, and educational controls on users' secure behavior

Jeffrey L. Jenkins, Alexandra Durcikova, Grayson Ross, Jay F Nunamaker

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

Abstract

The human is frequently referred to as the weakest link of security. Employees who engage in behaviors contrary to their organization's security policy often cause undesirable outcomes. This research presents a dual-processing model explaining and predicting secure behavior in relation to password policies. The model posits that the number of password security layers (technical controls), training (educational controls), and manager attitude toward secure behavior (managerial controls) influence secure behavior directly and also indirectly through security policy satisfaction. An experiment was designed to test our model utilizing a realistic corporate environment that captures users' security policy compliance. The results show that the combination of low technical controls and the presence of training significantly increase new employees' compliance with the security policy. Positive managerial controls and low technical controls increase satisfaction with the security policy; however, satisfaction with the security policy was not significantly related to secure behavior for new employees.

Original language: English (US)
Title of host publication: ICIS 2010 Proceedings - Thirty First International Conference on Information Systems
State: Published - 2010
Event: 31st International Conference on Information Systems, ICIS 2010 - Saint Louis, MO, United States
Duration: Dec 12 2010 → Dec 15 2010

Other

Other: 31st International Conference on Information Systems, ICIS 2010
Country: United States
City: Saint Louis, MO
Period: 12/12/10 → 12/15/10

Fingerprint

Personnel
Managers
Processing
Experiments
Compliance

Keywords

  • Compliance
  • Dual-processing
  • Expectancy value theory
  • Information system security
  • Password policy
  • Secure behavior
  • Security policy
  • Yield shift theory

ASJC Scopus subject areas

  • Information Systems

Cite this

Jenkins, J. L., Durcikova, A., Ross, G., & Nunamaker, J. F. (2010). Encouraging users to behave securely: Examining the influence of technical, managerial, and educational controls on users' secure behavior. In ICIS 2010 Proceedings - Thirty First International Conference on Information Systems

@inproceedings{72104c4d62244549963d7bd2a6a46ac9,
title = "Encouraging users to behave securely: Examining the influence of technical, managerial, and educational controls on users' secure behavior",
keywords = "Compliance, Dual-processing, Expectancy value theory, Information system security, Password policy, Secure behavior, Security policy, Yield shift theory",
author = "Jenkins, {Jeffrey L.} and Alexandra Durcikova and Grayson Ross and Nunamaker, {Jay F}",
year = "2010",
language = "English (US)",
isbn = "9780615418988",
booktitle = "ICIS 2010 Proceedings - Thirty First International Conference on Information Systems",

}

TY - GEN

T1 - Encouraging users to behave securely

T2 - Examining the influence of technical, managerial, and educational controls on users' secure behavior

AU - Jenkins, Jeffrey L.

AU - Durcikova, Alexandra

AU - Ross, Grayson

AU - Nunamaker, Jay F

PY - 2010

Y1 - 2010

KW - Compliance

KW - Dual-processing

KW - Expectancy value theory

KW - Information system security

KW - Password policy

KW - Secure behavior

KW - Security policy

KW - Yield shift theory

UR - http://www.scopus.com/inward/record.url?scp=84870959774&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84870959774&partnerID=8YFLogxK

M3 - Conference contribution

SN - 9780615418988

BT - ICIS 2010 Proceedings - Thirty First International Conference on Information Systems

ER -