{"title":"价值冲突与信息安全——高风险行业的混合方法研究","authors":"Kristina Gyllensten, A. Pousette, Marianne Törner","doi":"10.1108/ics-09-2021-0139","DOIUrl":null,"url":null,"abstract":"\nPurpose\nThe purpose of this study is to investigate the influence of work-related value conflicts on information security in two organisations in nuclear power production and related industry.\n\n\nDesign/methodology/approach\nA mixed-methods design was applied. Individual interviews were conducted with 24 employees of two organisations in Sweden and questionnaire data on information security climate were collected from 667 employees (62%) in the same two organisations.\n\n\nFindings\nThe qualitative part of the study identified five different types of value conflicts influencing information security behaviour. The quantitative part of the study found that value conflicts relating to information security had a negative relationship with rule-compliant behaviour. The opposite was found for participative security behaviour where there was a positive relationship with value conflicts. A high climate of information security was positively related to both rule-compliant and participative information security behaviour. It also moderated the effect of value conflicts on compliant information security behaviour.\n\n\nOriginality/value\nThis paper highlights organisational contextual conditions that influence employees’ motivation and ability to manage value conflicts relating to information security in a high-risk industry. It also enables a better understanding of the influence of the information security climate on information security in the presence of value conflicts in this type of industry.\n","PeriodicalId":45298,"journal":{"name":"Information and Computer Security","volume":"39 1","pages":""},"PeriodicalIF":1.6000,"publicationDate":"2021-12-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Value conflicts and information security – a mixed-methods study in high-risk industry\",\"authors\":\"Kristina Gyllensten, A. Pousette, Marianne Törner\",\"doi\":\"10.1108/ics-09-2021-0139\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"\\nPurpose\\nThe purpose of this study is to investigate the influence of work-related value conflicts on information security in two organisations in nuclear power production and related industry.\\n\\n\\nDesign/methodology/approach\\nA mixed-methods design was applied. Individual interviews were conducted with 24 employees of two organisations in Sweden and questionnaire data on information security climate were collected from 667 employees (62%) in the same two organisations.\\n\\n\\nFindings\\nThe qualitative part of the study identified five different types of value conflicts influencing information security behaviour. The quantitative part of the study found that value conflicts relating to information security had a negative relationship with rule-compliant behaviour. The opposite was found for participative security behaviour where there was a positive relationship with value conflicts. A high climate of information security was positively related to both rule-compliant and participative information security behaviour. It also moderated the effect of value conflicts on compliant information security behaviour.\\n\\n\\nOriginality/value\\nThis paper highlights organisational contextual conditions that influence employees’ motivation and ability to manage value conflicts relating to information security in a high-risk industry. It also enables a better understanding of the influence of the information security climate on information security in the presence of value conflicts in this type of industry.\\n\",\"PeriodicalId\":45298,\"journal\":{\"name\":\"Information and Computer Security\",\"volume\":\"39 1\",\"pages\":\"\"},\"PeriodicalIF\":1.6000,\"publicationDate\":\"2021-12-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Information and Computer Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1108/ics-09-2021-0139\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Information and Computer Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/ics-09-2021-0139","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
Value conflicts and information security – a mixed-methods study in high-risk industry
Purpose
The purpose of this study is to investigate the influence of work-related value conflicts on information security in two organisations in nuclear power production and related industry.
Design/methodology/approach
A mixed-methods design was applied. Individual interviews were conducted with 24 employees of two organisations in Sweden and questionnaire data on information security climate were collected from 667 employees (62%) in the same two organisations.
Findings
The qualitative part of the study identified five different types of value conflicts influencing information security behaviour. The quantitative part of the study found that value conflicts relating to information security had a negative relationship with rule-compliant behaviour. The opposite was found for participative security behaviour where there was a positive relationship with value conflicts. A high climate of information security was positively related to both rule-compliant and participative information security behaviour. It also moderated the effect of value conflicts on compliant information security behaviour.
Originality/value
This paper highlights organisational contextual conditions that influence employees’ motivation and ability to manage value conflicts relating to information security in a high-risk industry. It also enables a better understanding of the influence of the information security climate on information security in the presence of value conflicts in this type of industry.
期刊介绍:
Information and Computer Security (ICS) contributes to the advance of knowledge directly related to the theory and practice of the management and security of information and information systems. It publishes research and case study papers relating to new technologies, methodological developments, empirical studies and practical applications. The journal welcomes papers addressing research and case studies in relation to many aspects of information and computer security. Topics of interest include, but are not limited to, the following: Information security management, standards and policies Security governance and compliance Risk assessment and modelling Security awareness, education and culture User perceptions and understanding of security Misuse and abuse of computer systems User-facing security technologies Internet security and privacy The journal is particularly interested in receiving submissions that consider the business and organisational aspects of security, and welcomes papers from both human and technical perspective on the topic. However, please note we do not look to solicit papers relating to the underlying mechanisms and functions of security methods such as cryptography (although relevant applications of the technology may be considered).
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
