Data Security in Organizations: Empirical Examination of Security Practices in Western New York


Presentation Transcript

Slide 1

Data Security in Organizations: Empirical Examination of Security Practices in Western New York

Tejaswini Herath
Assistant Professor, Department of Finance, Operations and Information Systems
Brock University, St. Catharines, Ontario, Canada

Prof. H. Raghav Rao
Professor, Department of Management Science and Systems
Adjunct Professor, Department of Computer Science and Engineering
Co-Director, Center for Excellence in Information Systems Research and Education (CEISARE)

Acknowledgments: We appreciate the support and collaboration on this project by the Cyber Task Force, Buffalo Division, FBI. We would especially like to thank Supervisory Special Agent Holly Hubert and Intelligence Analyst Susan Lupiani for their help and support. Part of this research is funded in part by NSF under grant 0723763 and MDRF grant #F0630.

Slide 2

Research Theme: Information Security in Organizations
Employees (end users)
Managers
Managers are frequently confronted with:
- resource constraints
- cumbersome practices
- resistance by employees

Slide 3

Related Research Questions
Organization/Managerial Perspective
Employee (End User) Behavior
Management-Employee Perspective Fit
A multi-faceted research problem:
- What are the drivers of, and barriers to, organizational adoption of security practices?
- How do various end-user beliefs, attitudes and perceptions regarding information security shape their security behavior?
- How can employee security practices be influenced?
- Does the congruence between employee and management security values result in positive employee outcomes? If so, how can it be influenced?

Slide 4

Two concurrent studies: Manager study and Employee survey
Select findings of this study were presented at the Technology and Homeland Security Forum, Niagara Falls (October 18, 2007)

Slide 5


Slide 6

Approximately how much is budgeted annually for information security at your organization?
Information security budget as a % of total IT budget in your organization.
80%

Slide 8

Security Climate

Slide 9

Employee Survey
Employee Behaviors: Introduction
- People are the weakest link.
- Organizations have been actively using security technologies, but security cannot be achieved through technological tools alone.
- Effective information security in organizations depends on three components: people, processes and technology.
- Recently, calls have been made to focus on end-user behaviors.
- The importance of "Appropriate Computer Use Policies" has been recognized for a long time, yet we do not have a clear understanding of their impact and effectiveness.
- Divergent security practices.
- Incidents and surveys provide evidence of policy ignorance.

Slide 10

1. Security Policy Compliance: Role of Extrinsic and Intrinsic Motivators
Objective of this study: to evaluate the extrinsic and intrinsic motivators that encourage information security behaviors in organizations:
- impact of penalties (extrinsic disincentive)
- social pressures (extrinsic disincentive)
- perceived value or contribution (intrinsic incentive)

Slide 11


Slide 12

Discussion
- Results show that both intrinsic and extrinsic motivators influence employee intentions of security policy compliance in organizations.
- Intrinsic motivation plays a role: if employees perceive their security compliance behaviors to have a favorable impact on the organization or to benefit the organization, they are more likely to take such actions.
- Social influence also plays a role in security behaviors.
- Certainty of detection was found to have a positive impact on security behavior intentions.
- Surprisingly, severity of penalty was found to have a negative impact on security behavior intentions.
- Incentives and penalties can also play a negative role (Benabou and Tirole 2003; Kohn 1993).
- In agreement with the views of specialists in the field

Slide 13

Implications
From a practical point of view: implications for the design, development and implementation of secure systems and security policies.
- It is essential for IT management to make efforts to convey to employees that information security is important to the organization and that employee actions make a difference in achieving the overall goal of secured information.
- Managers can enhance security compliance by fostering an appropriate security climate in their organizations.
- The existence and visibility of detection mechanisms is perhaps more important than the severity of the penalties imposed.

T. Herath and H. R. Rao. 2009. "Encouraging Information Security Behaviors: Role of Penalties, Pressures and Perceived Effectiveness", Decision Support Systems (DSS), Vol. 47, No. 2, pp. 154-165.

Slide 14

2. Protection Motivation and Deterrence
Premise: Security behaviors are affected by organizational, environmental and behavioral factors.
Objective: Test of an Integrated Protection Motivation and Deterrence model of security policy compliance under the umbrella of Taylor-Todd's Decomposed Theory of Planned Behavior.
- Protection motivation theory: an evaluation of threat appraisal and response efficacy to identify attitudes towards security policies
- Environmental factors such as deterrence, facilitating conditions and social influence
- Role of employees' organizational commitment in security policy compliance

Slide 15

Model (figure: path diagram; the arrows linking the constructs are not recoverable from this transcript)
Constructs: Response Efficacy (effectiveness of individual's action); Organizational Commitment; Response Cost; Resource Availability; Self-Efficacy; Perceived Severity of Security Breach; Perceived Probability of Security Breach; Security Breach Concern Level; Security Policy Attitude; Security Policy Compliance Intention; Punishment Severity; Detection Certainty; Subjective Norm; Descriptive Norm.
Hypothesized paths: H1 to H15, all marked [+] except H6, which is marked [-].

Slide 16


Slide 17

Findings
T. Herath and H. R. Rao. 2009. "Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organizations", European Journal of Information Systems (EJIS), Vol. 18, No. 2, pp. 106-125.

Slide 18

3. Employee Perceptions of Security Climate: A Dyadic Investigation of Manager-Employee Perception Alignment
Motivation:
- To manage security effectively: training and awareness, and policy enforcement.
- Successful implementation of IT security controls and policies is only possible when individuals align their value system with that of management (Mishra and Dhillon 2006).
- Empirical research evaluating the effectiveness of these mechanisms is practically non-existent; these mechanisms lack evidence of effectiveness (Aytes and Connolly 2004).
Objectives:
- Investigation of employee perceptions of security climate and its relation to policy compliance behavior
- Role of the above two organizational socialization processes in shaping employees' security climate perceptions
- Evaluation of security climate and its effect on end-user policy compliance from the dyadic perspective of both management and employee views

Slide 19

Findings
- This dyadic study sheds light on the importance of understanding various socio-organizational nuances for effective security management.
- Security climate significantly affects security policy compliance.
- Training & awareness and policy enforcement both significantly contribute to security climate perceptions (R² => 0.47) and are therefore important elements for creating a security-conscious environment.
- A recent eCrime survey (based on a sample of 434 organizations) suggests that although policies are in place, training and awareness efforts as well as policy enforcement efforts are much lower in magnitude.

Slide 20

Policies and enforcement – Manager responses

Slide 21

Contributions: Implications for Practice and Theory
- Dyadic test: employee behavior may be driven more by personally held beliefs than by the actual organizational climate.
- It is important for management to have a clearer understanding of the effectiveness of these mechanisms.
- It is vital for management to gauge how these efforts are perceived by end users and to what degree they are accepted.
- Our study empirically substantiates the need for management awareness of the various facets of end-user behaviors.