In their own words: employee attitudes towards information security
Abstract
Purpose
The purpose of this study is to uncover employee attitudes towards information security and to address the issue of social acceptability bias in information security research.
Design/methodology/approach
The study used personal construct psychology and repertory grids as the foundation for the study in a mixed-methods design. Data collection consisted of 11 in-depth interviews followed by a survey with 115 employee responses. The data from the interviews informed the design of the survey.
Findings
The results of the interviews identified a number of themes around individual responsibility for information security and the ability of individuals to contribute to information security. The survey demonstrated that those employees who thought the that organisation was driven by the need to protect information also thought that the risks were overstated and that their colleagues were overly cautious. Conversely, employees who thought that the organisation was driven by the need to optimise its use of information felt that the security risks were justified and that colleagues took too many risks.
Research limitations/implications
The survey findings were not statistically significant, but by breaking the survey results down further across business areas, it was possible to see differences within groups of individuals within the organisation.
Originality/value
The literature review highlights the issue of social acceptability bias and the problem of uncovering weakly held attitudes. In this study, the use of repertory grids offers a way of addressing these issues.
Keywords
Acknowledgements
The author would like to thank Prof Angela Sasse for comments on an early draft of this work. This research was partially funded by the Centre for Research and Evidence on Security Threats (ESRC award ES/N009614/1).
Citation
Ashenden, D. (2018), "In their own words: employee attitudes towards information security", Information and Computer Security, Vol. 26 No. 3, pp. 327-337. https://doi.org/10.1108/ICS-04-2018-0042
Publisher
:Emerald Publishing Limited
Copyright © 2018, Emerald Publishing Limited