Description

Information security policies are (ISP) used to guide employees in order to ensure information security while utilizing organizational information systems in the workplace. However, rigid compliance with ISP may not help employees and companies to confront emerging threats in the dynamic environment of modern security threats. ISP should be developed and improved according to the demands of implementers and in keeping with the changing security environment. To that end, we propose that employees' extra-role behaviors - actions that may seem to go beyond requirements and limitations of security policies - can provide input into forming suitable and feasible security policies that provide insights against the emerging threats in the operating environment.

Share

COinS
 
Aug 10th, 12:00 AM

Beyond Compliance: Empowering Employees’ Extra-Role Security Behaviors in Dynamic Environments

Information security policies are (ISP) used to guide employees in order to ensure information security while utilizing organizational information systems in the workplace. However, rigid compliance with ISP may not help employees and companies to confront emerging threats in the dynamic environment of modern security threats. ISP should be developed and improved according to the demands of implementers and in keeping with the changing security environment. To that end, we propose that employees' extra-role behaviors - actions that may seem to go beyond requirements and limitations of security policies - can provide input into forming suitable and feasible security policies that provide insights against the emerging threats in the operating environment.