Enhancing cyber security behavior: an internal social marketing approach

IF 1.6 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Information and Computer Security Pub Date : 2019-10-14 DOI:10.1108/ics-01-2019-0023

H. Pham, L. Brennan, L. Parker, Nhat Tram Phan-Le, I. Ulhaq, M. Nkhoma, M. Nguyen

{"title":"Enhancing cyber security behavior: an internal social marketing approach","authors":"H. Pham, L. Brennan, L. Parker, Nhat Tram Phan-Le, I. Ulhaq, M. Nkhoma, M. Nguyen","doi":"10.1108/ics-01-2019-0023","DOIUrl":null,"url":null,"abstract":"\nPurpose\nUnderstanding the behavioral change process of system users to adopt safe security practices is important to the success of an organization’s cybersecurity program. This study aims to explore how the 7Ps (product, price, promotion, place, physical evidence, process and people) marketing mix, as part of an internal social marketing approach, can be used to gain an understanding of employees’ interactions within an organization’s cybersecurity environment. This understanding could inform the design of servicescapes and behavioral infrastructure to promote and maintain cybersecurity compliance.\n\n\nDesign/methodology/approach\nThis study adopted an inductive qualitative approach using in-depth interviews with employees in several Vietnamese organizations. Discussions were centered on employee experiences and their perceptions of cybersecurity initiatives, as well as the impact of initiatives on compliance behavior. Responses were then categorized under the 7Ps marketing mix framework.\n\n\nFindings\nThe study shows that assessing a cybersecurity program using the 7P mix enables the systematic capture of users’ security compliance and acceptance of IT systems. Additionally, understanding the interactions between system elements permits the design of behavioral infrastructure to enhance security efforts. Results also show that user engagement is essential in developing secure systems. User engagement requires developing shared objectives, localized communications, co-designing of efficient processes and understanding the “pain points” of security compliance. The knowledge developed from this research provides a framework for those managing cybersecurity systems and enables the design human-centered systems conducive to compliance.\n\n\nOriginality/value\nThe study is one of the first to use a cross-disciplinary social marketing approach to examine how employees experience and comply with security initiatives. Previous studies have mostly focused on determinants of compliance behavior without providing a clear platform for management action. Internal social marketing using 7Ps provides a simple but innovative approach to reexamine existing compliance approaches. Findings from the study could leverage proven successful marketing techniques to promote security compliance.\n","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":"4 1","pages":""},"PeriodicalIF":1.6000,"publicationDate":"2019-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Computer Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/ics-01-2019-0023","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 7

Abstract

Purpose Understanding the behavioral change process of system users to adopt safe security practices is important to the success of an organization’s cybersecurity program. This study aims to explore how the 7Ps (product, price, promotion, place, physical evidence, process and people) marketing mix, as part of an internal social marketing approach, can be used to gain an understanding of employees’ interactions within an organization’s cybersecurity environment. This understanding could inform the design of servicescapes and behavioral infrastructure to promote and maintain cybersecurity compliance. Design/methodology/approach This study adopted an inductive qualitative approach using in-depth interviews with employees in several Vietnamese organizations. Discussions were centered on employee experiences and their perceptions of cybersecurity initiatives, as well as the impact of initiatives on compliance behavior. Responses were then categorized under the 7Ps marketing mix framework. Findings The study shows that assessing a cybersecurity program using the 7P mix enables the systematic capture of users’ security compliance and acceptance of IT systems. Additionally, understanding the interactions between system elements permits the design of behavioral infrastructure to enhance security efforts. Results also show that user engagement is essential in developing secure systems. User engagement requires developing shared objectives, localized communications, co-designing of efficient processes and understanding the “pain points” of security compliance. The knowledge developed from this research provides a framework for those managing cybersecurity systems and enables the design human-centered systems conducive to compliance. Originality/value The study is one of the first to use a cross-disciplinary social marketing approach to examine how employees experience and comply with security initiatives. Previous studies have mostly focused on determinants of compliance behavior without providing a clear platform for management action. Internal social marketing using 7Ps provides a simple but innovative approach to reexamine existing compliance approaches. Findings from the study could leverage proven successful marketing techniques to promote security compliance.

查看原文本刊更多论文

强化网络安全行为:一种内部社会营销方法

目的了解系统用户的行为变化过程以采用安全的安全实践对组织的网络安全计划的成功至关重要。本研究旨在探索7p(产品、价格、促销、地点、实物证据、流程和人员)营销组合，作为内部社会营销方法的一部分，如何用于了解员工在组织网络安全环境中的互动。这种理解可以为服务逃逸和行为基础设施的设计提供信息，以促进和维护网络安全合规性。设计/方法/方法本研究采用归纳定性方法，对几个越南组织的员工进行深入访谈。讨论集中在员工体验和他们对网络安全计划的看法，以及计划对合规行为的影响。然后在7p营销组合框架下对回应进行分类。研究结果表明，使用7P组合评估网络安全计划可以系统地捕获用户的安全合规性和对IT系统的接受程度。此外，了解系统元素之间的交互可以设计行为基础设施，以增强安全性。结果还表明，用户参与是开发安全系统必不可少的。用户参与需要开发共享目标、本地化通信、共同设计高效流程以及理解安全遵从性的“痛点”。从本研究中获得的知识为那些管理网络安全系统的人提供了一个框架，并使设计以人为中心的系统有利于合规性。这项研究是首次使用跨学科的社会营销方法来研究员工如何体验和遵守安全举措的研究之一。以往的研究大多集中在合规行为的决定因素上，而没有为管理行动提供一个明确的平台。使用7p的内部社会营销提供了一种简单但创新的方法来重新审视现有的合规方法。这项研究的结果可以利用已被证明成功的营销技术来促进安全合规。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Information and Computer Security COMPUTER SCIENCE, INFORMATION SYSTEMS-

CiteScore

4.60

自引率

7.10%

发文量

期刊介绍： Information and Computer Security (ICS) contributes to the advance of knowledge directly related to the theory and practice of the management and security of information and information systems. It publishes research and case study papers relating to new technologies, methodological developments, empirical studies and practical applications. The journal welcomes papers addressing research and case studies in relation to many aspects of information and computer security. Topics of interest include, but are not limited to, the following: Information security management, standards and policies Security governance and compliance Risk assessment and modelling Security awareness, education and culture User perceptions and understanding of security Misuse and abuse of computer systems User-facing security technologies Internet security and privacy The journal is particularly interested in receiving submissions that consider the business and organisational aspects of security, and welcomes papers from both human and technical perspective on the topic. However, please note we do not look to solicit papers relating to the underlying mechanisms and functions of security methods such as cryptography (although relevant applications of the technology may be considered).