Enhancing End-User Roles in Information Security: Exploring the Setting, Situation, and Identity

摘要

Managing employee behaviors is a continuous quest for management. The quest is even more intense in the information security space, where a seemingly unintentional activity could have a consequential effect on an organization's security. The information security literature has used many theoretical approaches to explain how to regulate employee security behaviors, including protection motivation and deterrence. However, a theoretical approach that has captured the focus in organizational literature for behavioral regulation and yet to be realized in the information security domain is work-related identities. Work-related identity regulation depends on settings and situations in which the individual is embedded. This study draws from the identity theory and information security literature to explore how factors in the information security setting (security threats, security policy, and organizational support) help foment work-related information security identity and security behaviors. Our findings show that these factors significantly increase the user's identification in their roles in information security, and in turn, security behaviors. This research has implications for research and practice.