Article Preview
TopBackground
The protection and maintenance of information assets has been treated by modern organisations as one of their top priorities, given their increasing reliance on information systems (Bulgurcu, Cavusoglu, Benbasat, Cabusoglu, & Benbasat, 2010; Soomro, Shah, & Ahmed, 2016; Wilson, Turban, & Zviran, 1992). Among the core components of an information security (IS) environment which are the technological measures, the human elements, and the governance of IS (A. Da Veiga & Eloff, 2007; von Solms, 2001; Zafar & Clark, 2009), the employees are considered the most vulnerable (Bulgurcu et al., 2010; Dang-Pham, Pittayachawan, & Bruno, 2017) and therefore deserve great attention.
Prior literature has examined topics related to employees’ IS such as compliant perceptions and behaviours (Padayachee, 2012; Sommestad, Hallberg, Lundholm, & Bengtsson, 2014). A combination of the employees’ actual IS compliance, favourable attitude, and IS knowledge are reflective of a desirable IS culture that would prevent the occurrence of threats (Adéle Da Veiga & Martins, 2015). A well-maintained and favourable IS attitude of the employees is especially important as such attitude ensures compliant and vigilant behaviours within the workplace (Bulgurcu et al., 2010; Siponen, Mahmood, & Pahnila, 2014; Sommestad et al., 2014).
In line with the efforts to improve and maintain employees’ desirable attitudes towards IS, it was recognised that organisations can no longer solely rely on technical protection (Bulgurcu et al., 2010). Recent researches also argued that the “command-and-control” model for IS management and the un-contextualised, centrally designed IS controls had many disadvantages, such as the lack of trust and collaboration among organisations’ IS authorities and employees which can lead to non-compliance and IS workarounds (Dang-Pham et al., 2017; Kirlappos, Beautement, & Sasse, 2013; Kolkowska, Karlsson, & Hedström, 2016). These shortcomings demand innovative approaches that can be contextualised for the unique work settings and can facilitate interactions between organisational members, to develop an IS-conscious workplace where voluntary IS compliance is mutually encouraged and self-regulated among employees. Consequently, the development of such innovative approaches would require a paradigm shift in the behavioural IS field, which changes the current focus on the unique IS-related perspectives of each employee to the social dynamics between employees in the work environments.
IS research has been traditionally investigating IS attitude and related concepts in the form of the employees’ individualistic characteristics, while overlooking the interactions and relationships in the workplace that contribute to the shaping of those characteristics (Dang-Pham et al., 2017). Interestingly, there was an increasing number of recent studies that place emphasis on the employees’ relational behaviours, such as exchanges of IS advice, IS learning, and IS influence (Dang-Pham et al., 2017; Rocha Flores, Antonsen, & Ekstedt, 2014; Safa, Solms, & Von Solms, 2016; Warkentin, Johnston, & Shropshire, 2011; Willison & Warkentin, 2013). Among these emerging studies, Dang-Pham et al. (2016) applied social network analysis (SNA) to analyse the exchanges of IS advice and troubleshooting among employees, which revealed various structural patterns and features of the IS-related networks., The adoption of SNA methods represents a paradigm shift, which sets emphasis on the employees’ interactions as the main unit of analysis rather than their individual characteristics.