Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Productivity vs security: mitigating conflicting goals in organizations
Faculty of Computer Sciences, Technische Universitat Darmstadt, Darmstadt, Hessen, Germany.
Faculty of Human Sciences, Technische Universitat Darmstadt, Darmstadt, Hessen, Germany.
Faculty of Human Sciences, Technische Universitat Darmstadt, Darmstadt, Hessen, Germany.
Karlstad University, Faculty of Health, Science and Technology (starting 2013), Department of Mathematics and Computer Science (from 2013). (PriSec)ORCID iD: 0000-0003-2674-4043
Show others and affiliations
2017 (English)In: Information and Computer Security, ISSN 1434-5250, E-ISSN 2220-3796, Vol. 25, no 2, p. 137-151Article in journal (Refereed) Published
Abstract [en]

Purpose

This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals.

Design/methodology/approach

This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small- to medium-sized organizations (SMEs) with overall 90 employees.

Findings

The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees.

Research limitations/implications

Both studies rely on self-reported data and are, therefore, likely to contain some kind of bias.

Practical implications

Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations.

Originality/value

This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.

Place, publisher, year, edition, pages
Bingley: Emerald Group Publishing Limited, 2017. Vol. 25, no 2, p. 137-151
Keywords [en]
Organizational context, Goal setting, Information security compliance
National Category
Computer Sciences Human Computer Interaction
Research subject
Computer Science
Identifiers
URN: urn:nbn:se:kau:diva-65599DOI: 10.1108/ICS-03-2017-0014OAI: oai:DiVA.org:kau-65599DiVA, id: diva2:1174164
Available from: 2018-01-15 Created: 2018-01-15 Last updated: 2018-07-02Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full text

Authority records BETA

Volkamer, Melanie

Search in DiVA

By author/editor
Volkamer, Melanie
By organisation
Department of Mathematics and Computer Science (from 2013)
In the same journal
Information and Computer Security
Computer SciencesHuman Computer Interaction

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 17 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf