Obi Ogbanufe, PhD

Obi Ogbanufe, PhD • Mar 18, 2021 • 2 min read

Enhancing End-User Roles in Information Security: Exploring the Setting, Situation and Identity

Do your investments (e.g., time, effort, friendships) in your online accounts (e.g., Facebook, Instagram, Tiktok, Bank, YouTube, Netflix) influence whether you'll securely protect your online account?

My research finds that one's investments do affect their appraisals of threats to the investment. Therefore, they'll use MFA to protect the investment.

Published: Computers & Security

https://doi.org/10.1016/j.cose.2021.102340

Author: Obi Ogbanufe, PhD

Managing employee behaviors is a continuous quest for management. The quest is even more intense in the cybersecurity space, where a seemingly small unintentional activity could destabilize an organization’s network. 

"Given the seriousness of information security for organizations, and the study’s results highlighting that individuals can build an identity with the information security role, perhaps it is time for organizations to recognize employees as information security end-users, security protection users, policy adherents, even security enthusiasts."

Abstract

Managing employee behaviors is a continuous quest for management. The quest is even more intense in the information security space, where a seemingly unintentional activity could have a consequential effect on an organization’s security. The information security literature has used many theoretical approaches to explain how to regulate employee security behaviors, including protection motivation and deterrence. However, a theoretical approach that has captured the focus in organizational literature for behavioral regulation and yet to be realized in the information security domain is work-related identities. Work-related identity regulation depends on settings and situations in which the individual is embedded. This study draws from the identity theory and information security literature to explore how factors in the information security setting (security threats, security policy, and organizational support) help foment work-related information security identity and security behaviors. Our findings show that these factors significantly increase the user’s identification in their roles in information security, and in turn, security behaviors.

#cyberrisk, #cyberenthusiat, #cybersecuritybehaviors, #cyberidentity, #cybersecurityroleidentity

Building a cybersecurity identity

│Research question: What factors in the information security setting drive how users identify with the
  information security role?

Request a copy of this research study.