Can perceptual differences account for enigmatic information security behaviour in an organisation?
Abstract
Information security in organisations is often threatened by risky behaviour of users. Despite
information security awareness and training programmes, the human aspect of information
security remains a critical and challenging component of a safe and secure information
environment, and users reveal personal and confidential information regularly when asked
for it. In an effort to explain and understand this so-called privacy paradox, this paper investigates
aspects of trust and perceptual differences, based on empirical research. Two
preceding social engineering exercises form the basis of the research project and are also
presented as background information. Following the empirical work, a safe and secure information
model is proposed. It is then argued that perceptual alignment of different
organisational groups is a critical and prerequisite requirement to reach information security
congruence between groups of people. In the context of the proposed model, the
perceptual differences also offer some explanation as to why users with high levels of security
awareness as well as high levels of trust in their own and organisational capabilities so
often fall victim to social engineering scams. The empirical work was performed at a large
utility company and results are presented together with appropriate discussions.
URI
http://hdl.handle.net/10394/19856
https://doi.org/10.1016/j.cose.2016.05.006
http://www.sciencedirect.com/science/article/pii/S0167404816300645