Identification of the Employee's Mental Patterns about the Policies of Information Security
Journal of Information Technology Management
Article 69, Volume 8, Issue 2, Mehr 2016, Pages 215-230
Article type: Research Paper
Digital Object Identifier (DOI): 10.22059/jitm.2016.57229
Authors
Ryhaneh Zahra Esfandiarpour* 1; Morteza Akbari 2
1 Ph.D. Student in System Management, Pardis Farabi of Management University of Tehran, Iran
2 Assistant Prof., Faculty of Entrepreneurship, Tehran University, Tehran, Iran
Abstract
The security of information systems is one of the most important challenges for today's organizations. Although most organizations use security technologies, they have concluded that technology is not enough by itself and that the key threat to organizational security comes from employees who do not agree with the organization's security policies. Therefore, the field of end-user security behaviors in the organization has received serious attention. According to recent studies, end users have different security perspectives, which has weakened the monitoring of users' security behaviors. Using Q methodology, this research attempted to identify employees' mental patterns regarding information security policies, in order to align employees with the security requirements of the organization. To this end, after reviewing previous research and evaluating and summarizing the discourse space, Q statements were selected and ranked by 31 employees of the petroleum products distribution company. The statements were then analyzed, and four mental patterns were identified and classified as assessors, committed, relatives, and people who consider deterrence tools helpful in complying with information security policies.
Keywords
Acceptance Information Security Policy; Mental Models; National Iranian oil products distribution company; Q methodology
Article title [translated from Persian]
Identifying employees' mental patterns regarding information security policies
Authors [translated from Persian]
Ryhaneh Zahra Esfandiarpour 1; Morteza Akbari 2
1 Ph.D. student in Systems Management, Farabi Campus, University of Tehran, Qom, Iran
2 Assistant Professor, Faculty of Entrepreneurship, University of Tehran, Tehran, Iran
Abstract [translated from Persian]
The security of information systems is one of the most important challenges facing today's organizations. Most organizations use security technologies, but they have concluded that technology alone is not enough and that the main threat to organizational security comes from employees who do not agree with the organization's security policies. The field of end-user security behaviors in the organization has therefore attracted serious attention from organizations. Recent studies have shown that end users hold different security perspectives, which has led to an inability to monitor users' security behaviors. Using the Q method, this research attempts to identify employees' mental patterns regarding information security policies, with the aim of bringing employees into line with the organization's security requirements. To this end, after reviewing previous studies and evaluating and summarizing the discourse space, the Q statements were selected and 31 employees of the petroleum products distribution company ranked them; the statements were then analyzed and four mental patterns were identified and classified as follows: assessors, the committed, relatives, and people who consider deterrence tools useful for complying with information security policies.
Keywords [translated from Persian]
Mental patterns; acceptance of information security policies; Q methodology; petroleum products distribution company