{"title":"促进远程工作环境中的安全行为:塑造信息安全政策合规性的个人价值观","authors":"Carlos I. Torres, Robert E. Crossler","doi":"10.1287/isre.2021.0563","DOIUrl":null,"url":null,"abstract":"Organizations worldwide face critical concerns related to cybersecurity threats and information security policy (ISP) compliance. Even though humans are the weakest link in the cybersecurity chain, information security professionals understand the importance of promoting individual information security behaviors because employees are also the first line of defense against ever-increasing cyber threats. Despite a recent trend of working from home, organizations do not make significant differences in their information security interventions for remote workers, relying mainly on VPNs as the only used tool, essentially making employees follow in-office standard information security policies because they are “virtually in-office.” Our study suggests that organizations need to recognize the unique context of remote work and consider personal motivations when shaping information security practices. Furthermore, our study indicates that in order to motivate remote employees to follow secure information security practices, organizations should consider personal characteristics instead of focusing on generic interventions. For instance, our study compares onsite and remote workers, suggesting that personal values are more relevant in remote work settings. Our findings exemplify just one of the many potential personal characteristics to be considered, highlighting how personal values are important motivators for ISP compliance and how they differ for onsite and remote workers in their importance when following information security rules.","PeriodicalId":48411,"journal":{"name":"Information Systems Research","volume":"26 1","pages":""},"PeriodicalIF":5.0000,"publicationDate":"2024-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Promoting Security Behaviors in Remote Work Environments: Personal Values Shaping Information Security Policy Compliance\",\"authors\":\"Carlos I. Torres, Robert E. Crossler\",\"doi\":\"10.1287/isre.2021.0563\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Organizations worldwide face critical concerns related to cybersecurity threats and information security policy (ISP) compliance. Even though humans are the weakest link in the cybersecurity chain, information security professionals understand the importance of promoting individual information security behaviors because employees are also the first line of defense against ever-increasing cyber threats. Despite a recent trend of working from home, organizations do not make significant differences in their information security interventions for remote workers, relying mainly on VPNs as the only used tool, essentially making employees follow in-office standard information security policies because they are “virtually in-office.” Our study suggests that organizations need to recognize the unique context of remote work and consider personal motivations when shaping information security practices. Furthermore, our study indicates that in order to motivate remote employees to follow secure information security practices, organizations should consider personal characteristics instead of focusing on generic interventions. For instance, our study compares onsite and remote workers, suggesting that personal values are more relevant in remote work settings. Our findings exemplify just one of the many potential personal characteristics to be considered, highlighting how personal values are important motivators for ISP compliance and how they differ for onsite and remote workers in their importance when following information security rules.\",\"PeriodicalId\":48411,\"journal\":{\"name\":\"Information Systems Research\",\"volume\":\"26 1\",\"pages\":\"\"},\"PeriodicalIF\":5.0000,\"publicationDate\":\"2024-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information Systems Research\",\"FirstCategoryId\":\"91\",\"ListUrlMain\":\"https://doi.org/10.1287/isre.2021.0563\",\"RegionNum\":3,\"RegionCategory\":\"管理学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"INFORMATION SCIENCE & LIBRARY SCIENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information Systems Research","FirstCategoryId":"91","ListUrlMain":"https://doi.org/10.1287/isre.2021.0563","RegionNum":3,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"INFORMATION SCIENCE & LIBRARY SCIENCE","Score":null,"Total":0}
Promoting Security Behaviors in Remote Work Environments: Personal Values Shaping Information Security Policy Compliance
Organizations worldwide face critical concerns related to cybersecurity threats and information security policy (ISP) compliance. Even though humans are the weakest link in the cybersecurity chain, information security professionals understand the importance of promoting individual information security behaviors because employees are also the first line of defense against ever-increasing cyber threats. Despite a recent trend of working from home, organizations do not make significant differences in their information security interventions for remote workers, relying mainly on VPNs as the only used tool, essentially making employees follow in-office standard information security policies because they are “virtually in-office.” Our study suggests that organizations need to recognize the unique context of remote work and consider personal motivations when shaping information security practices. Furthermore, our study indicates that in order to motivate remote employees to follow secure information security practices, organizations should consider personal characteristics instead of focusing on generic interventions. For instance, our study compares onsite and remote workers, suggesting that personal values are more relevant in remote work settings. Our findings exemplify just one of the many potential personal characteristics to be considered, highlighting how personal values are important motivators for ISP compliance and how they differ for onsite and remote workers in their importance when following information security rules.
期刊介绍:
ISR (Information Systems Research) is a journal of INFORMS, the Institute for Operations Research and the Management Sciences. Information Systems Research is a leading international journal of theory, research, and intellectual development, focused on information systems in organizations, institutions, the economy, and society.