Description
Information security policies are (ISP) used to guide employees in order to ensure information security while utilizing organizational information systems in the workplace. However, rigid compliance with ISP may not help employees and companies to confront emerging threats in the dynamic environment of modern security threats. ISP should be developed and improved according to the demands of implementers and in keeping with the changing security environment. To that end, we propose that employees' extra-role behaviors - actions that may seem to go beyond requirements and limitations of security policies - can provide input into forming suitable and feasible security policies that provide insights against the emerging threats in the operating environment.
Recommended Citation
Li, Yaojie; Stafford, Thomas; Fuller, Bryan; and Ellis, Selwyn, "Beyond Compliance: Empowering Employees’ Extra-Role Security Behaviors in Dynamic Environments" (2017). AMCIS 2017 Proceedings. 24.
https://aisel.aisnet.org/amcis2017/InformationSystems/Presentations/24
Beyond Compliance: Empowering Employees’ Extra-Role Security Behaviors in Dynamic Environments
Information security policies are (ISP) used to guide employees in order to ensure information security while utilizing organizational information systems in the workplace. However, rigid compliance with ISP may not help employees and companies to confront emerging threats in the dynamic environment of modern security threats. ISP should be developed and improved according to the demands of implementers and in keeping with the changing security environment. To that end, we propose that employees' extra-role behaviors - actions that may seem to go beyond requirements and limitations of security policies - can provide input into forming suitable and feasible security policies that provide insights against the emerging threats in the operating environment.