Collective information security behaviour: a technology-driven framework
Information and Computer Security
ISSN: 2056-4961
Article publication date: 5 April 2021
Issue publication date: 26 October 2021
Abstract
Purpose
This paper aims to present the development of a framework for evaluating group behaviour in information security in practice.
Design/methodology/approach
Information security behavioural threshold analysis is used as the theoretical foundation for the proposed framework. The suitability of the proposed framework is evaluated based on two sets of qualitative measures (general frameworks and information security frameworks) which were identified from literature. The successful evaluation of the proposed framework, guided by the identified evaluation measures, is presented in terms of positive practical applications, as well as positive peer review and publication of the underlying theory.
Findings
A methodology to formalise a framework to analyse group behaviour in information security can successfully be applied in a practical environment. This application takes the framework from only a theoretical conceptualisation to an implementable solution to evaluate and positively influence information security group behaviour.
Practical implications
Behavioural threshold analysis is identified as a practical mechanism to evaluate information security group behaviour. The suggested framework, as implemented in a management decision support system (DSS), allows practitioners to assess the security behaviour and awareness in their organisation. The resulting information can be used to exert an influence for positive change in the information security of the organisation.
Originality/value
A novel conceptual mapping of two sets of qualitative evaluation measures is presented and used to evaluate the proposed framework. The resulting framework is made practical through its encapsulation in a DSS.
Keywords
Citation
Snyman, D.P. and Kruger, H. (2021), "Collective information security behaviour: a technology-driven framework", Information and Computer Security, Vol. 29 No. 4, pp. 589-603. https://doi.org/10.1108/ICS-11-2020-0180
Publisher
:Emerald Publishing Limited
Copyright © 2021, Emerald Publishing Limited