Academic journal article International Journal of Business and Information

Types of Employee Perceptions of Information Security Using Q Methodology: An Empirical Study

Academic journal article International Journal of Business and Information

Types of Employee Perceptions of Information Security Using Q Methodology: An Empirical Study

Article excerpt

1. INTRODUCTION

In the last few years, there has been an increase in the number of information security events [Sveen, Sarriegi, Rich, and Gonzalez, 2007]. These information security problems have become large issues that threaten organizational operations [Knapp, Marshall, Rainer, and Ford, 2006]. Security matters, therefore, have become an integral part of organizations and the focus of much concern regarding measures that can be taken to ensure that the organizations are fully and properly secured [Saint-Germain, 2005; Vroom and Von Solms, 2004]. Because it is crucial to secure the organization's information and other assets, organizations take information technology and the resulting security seriously [Vroom and Von Solms, 2004].

Some studies have developed observational theoretical models that use managerial constructs to look at information security [Knapp et al., 2006; Kankanhalli, Hock-Hai, Bernard, and Kwok-Kee, 2003]. For example, Hagen, Albrechtsen, and Hovden [2008] have developed technical-administrative security measures, such as security policies, procedures, and methods. In addition, Ma, Johnston, and Pearson [2008] have suggested a parsimonious framework that comprises four factors: information integrity, confidentiality, accountability, and availability.

As the importance of information security continues to increase in today's global environment, organizations spend more and more money on this issue. Bodin, Gordon, and Loeb [2005] used the analytic hierarchy process (AHP) to evaluate the information security investments of organizations. Other research shows that, with regard to security, the organization should provide a supportive organizational environment. The measures it develops will impact the individual employee's perception of, and compliance with, the information security policies. [David, Marlys, David, and Mark, 2014]. Whitten [2008] believes that, in addition to hardware, another important requirement for information security lies with soft skills.

Proper management of information security has become crucial to the success of all organizations. Recent ideas regarding the management of information security emphasize the importance of using security management as a strategic function. This approach will help to develop and implement the organization's strategies, thus resulting in effectiveness, survival, and success [Sotirakou and Zeppou, 2005; Desserlers, 2000; Schuler and Jackson, 2000].

Employees' perceptions of security have an impact on behavior in organizations. As a result, credible business acumen and adherence to proper legal, ethical, and professional standards are required. Whether intentional or inadvertent through negligence, violations of these standards will often cause the failure of information security. [Van Niekerk and Von Solms, 2010]. Anderson and Moore [2006] found that information systems are particularly prone to failure when the person who guards them is not the person who suffers when the systems fail, which is why both acumen and the adherence to standards are so important.

Within an organization, the information security policy is one of the most important controls needed to manage the implementation and ensure the effectiveness of information security [Höne and Eloff, 2002]. Progressive employers have acknowledged the importance of recruiting and retaining topquality talent. In today's competitive employment environment, companies strive to do this quickly and economically. It is not always an easy task, however [Zall, 2000]. Q methodology is suitable for exploratory studies and is helpful for sorting employee perception types of information security.

This paper identifies employee perception types of information security in companies. It comprises the following sections:

l Literature review

l Brief review of information security management and awareness

l Research design and methodology

l Analytical results

l Conclusion

2. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.