Past research suggests that the demands of information security policies (ISPs) cause stress upon employees, leading them to violate the policies. It emphasises the distress process but overlooks a ...possible positive process that may arise from the ISP demands (i.e., the eustress process) and motivate employees to reduce ISP violations. This study explores both the distress and eustress processes. It proposes that the challenge and hindrance aspects of ISP demands induce these processes and subsequently affect ISP violations. Besides, employees' ISP-related self-efficacy may facilitate or impede these processes. To test the research model, a survey was conducted on 375 employees in the U.S. The results show that the challenge aspect of ISP demands elicits a positive psychological response of employees, which in turn triggers their planful problem-solving to deal with these demands. In contrast, the hindrance aspect of ISP demands provokes a negative psychological response that triggers employees' wishful thinking about ISP demands. Meanwhile, employees' self-efficacy strengthens the effect of positive psychological response on planful problem-solving. Subsequently, planful problem-solving reduces employees' intention to violate the ISP, while wishful thinking increases their intention. This dual-process view sheds new light on the connection between ISP demands and ISP violation intention.
The development of an information security policy involves more than mere policy formulation and implementation. Unless organisations explicitly recognise the various steps required in the ...development of a security policy, they run the risk of developing a policy that is poorly thought out, incomplete, redundant and irrelevant, and which will not be fully supported by the users. This paper argues that an information security policy has an entire life cycle through which it must pass during its useful lifetime. A formal content analysis of information security policy development methods was conducted using secondary sources. Based on the results of the content analysis, a conceptual framework was subsequently developed. The proposed framework outlines the various constructs required in the development and implementation of an effective information security policy. In the course of this study, a survey of 310 security professionals was conducted in order to validate and refine the concepts contained in the key component of the framework: the ISPDLC.
•An organization with proficient information security controls achieves better compliance, which leads to a decrease in computer based occupational fraud.•Information security control proficiency ...(ISCP) is a function of the quality of information security policy and its enforcement. Effective integration of these two aspects contributes to enhancing information security policy compliance.
As more business processes and information assets are digitized, computer resources are increasingly being misused to perpetrate fraudulent activities. Research shows that fraud committed by (or with) trusted insiders (called occupational fraud or internal organizational fraud) is responsible for significantly more damage than that committed by external actors (for example, cyber fraud). Current fraud research has primarily focused on the person perpetuating the fraud instead of the internal mechanisms organizations can employ in reducing fraud. The study examines the relationship between compliance with organizations' technology controls (primarily focused on information security) and its impact on computer-based occupational fraud. Based on general deterrence and fraud triangle theories, the study proposes information security control proficiency (ISCP) modeled as an integration of the quality of information security policy and its enforcement as a key factor that influences information security policy compliance. We further postulate that compliance with information security policy mediates the relationship between information security control proficiency and computer-based-occupational fraud. Empirical assessment supports the structure of the information security control proficiency construct. Model testing shows that information security control proficiency positively impacts information security policy compliance, which further deters the use of a company's computer systems and resources to conduct fraudulent activities. Thus, if an organization establishes high-quality information security policies and supports the policies with effective enforcement, it correspondingly leads to better compliance. Furthermore, less fraud is committed when compliance with information security controls is high. We offer various managerial implications and future research extension ideas.
This volume aims to provide a new framework for the analysis of securitization processes, increasing our understanding of how security issues emerge, evolve and dissolve.
Securitisation theory has ...become one of the key components of security studies and IR courses in recent years, and this book represents the first attempt to provide an integrated and rigorous overview of securitization practices within a coherent framework. To do so, it organizes securitization around three core assumptions which make the theory applicable to empirical studies: the centrality of audience, the co-dependency of agency and context and the structuring force of the dispositif. These assumptions are then investigated through discourse analysis, process-tracing, ethnographic research, and content analysis and discussed in relation to extensive case studies.
This innovative new book will be of much interest to students of securitisation and critical security studies, as well as IR theory and sociology.
Thierry Balzacq is holder of the Tocqueville Chair on Security Policies and Professor at the University of Namur. He is Research Director at the University of Louvain and Associate Researcher at the Centre for European Studies at Sciences Po Paris.
1. A Theory of Securitization: Origins, Core Assumptions, and Variants Thierry Balzacq 2. Enquiries Into Methods: A New Framework for Securitization Analysis Thierry Balzacq Part 1: The Rules of Securitization 3. Reconceptualizing the Audience in Securitization Theory Sarah Léonard and Christian Kaunert 4. Securitization as a Media Frame Fred Vultee 5. The Limits of Spoken Words: From Meta-narratives to Experiences of Security Claire Wilkinson 6. When Securitization Fails: The Hard Case of Counter-terrorism Programmes Mark B. Salter Part 2: Securitization and De-securitization in Practice 7. Rethinking the Securitization of Environment: Old Beliefs, New Insights Julia Trombetta 8. Health Issues and Securitization: HIV/AIDS as a US National Security Threat Roxanna Sjostedt 9. Securitization, Culture and Power: Rogue States in US and German Discourse Holger Stritzel and Dirk Schmittchen 10. Religion Bites: The Securitization of – and Desecuritization Moves by – Falungong Practitioners in the People’s Republic of China Juha A. Vuori 11. The Continuing Evolution of Securitization Theory Michael C. Williams
‘The book is relevant for students and scholars of security studies and it is an important read for those interested in the analysis of current securitized issues.’ - Fatemeh Shayan, Journal of Peace Research
Thierry Balzacq is holder of the Tocqueville Chair on Security Policies and Professor at the University of Namur. He is Research Director at the University of Louvain and Associate Researcher at the Centre for European Studies at Sciences Po Paris.
We use coping theory to explore an underlying relationship between employee stress caused by burdensome, complex, and ambiguous information security requirements (termed "security-related stress" or ...SRS) and deliberate information security policy (ISP) violations. Results from a survey of 539 employee users suggest that SRS engenders an emotion-focused coping response in the form of moral disengagement from ISP violations, which in turn increases one's susceptibility to this behavior. Our multidimensional view of SRS-comprised of security-related overload, complexity, and uncertainty-offers a new perspective on the workplace environment factors that foster noncompliant user behavior and inspire cognitive rationalizations of such behavior. The study extends technostress research to the information systems security domain and provides a theoretical framework for the influence of SRS on user behavior. For practitioners, the results highlight the incidence of SRS in organizations and suggest potential mechanisms to counter the stressful effects of information security requirements.
This cutting-edge book explores the practices and socialization of the everyday foreign policy making in the European Union (EU), focusing on the individuals who shape and implement the Common ...Foreign and Security Policy despite a growing dissension among member states.The authors provide theoretically informed analyses based on up-to-date empirical material from the Political and Security Committee, Council working groups, the European External Action Service, EU delegations, military and civilian missions and operations and EU member state embassies. They illustrate the ways in which European foreign policy is shaped through the daily work of diplomats, exploring the communities of practice that are formed in the process of policy-making in the EU. Combining socialization and practice approaches, the book offers an innovative take on the motivations behind integration at a time of European discord.Providing a unique inside account of diplomatic practices and the coordination of EU foreign policy, this insightful book is crucial reading for students of political science and international relations at all levels seeking to better understand the minutiae of formulating and coordinating EU foreign and security policy. Its empirical analyses will also benefit scholars and researchers interested in European integration and socialization in international organizations, as well as practitioners, such as diplomats and European civil servants.
Gulf stability is coming to play a larger role in the foreign policy calculus of many states, but the evolving role of Asian powers is largely under-represented in the International Relations ...literature. This volume addresses this gap with a set of empirically rich, theory driven case studies written by academics from or based in the countries in question. The underlying assumption is not that Asian powers have already become important security actors in the Gulf, but rather that they perceive the Gulf as a region of increasing strategic relevance. How will leaders in these countries adjust to an evolving regional framework? Will there be coordinated efforts to establish an Asian-centered approach to Gulf stability, or will Asian rivalries make the region a theater of competition? Will US–China tensions force alignment choices among Asian powers? Will Asian states balance, bandwagon, hedge, or adopt some other approach to their Gulf relationships? These questions become even more important as the western boundaries of Asia increasingly come to incorporate the Middle East. The book will appeal to scholars and students in the fields of International Relations, Security Studies, and International Political Economy, as well as area specialists on the Gulf and those working on foreign policy issues on each of the Asian countries included. Professionals in government and non-government agencies will also find it very useful.
National security threats facing the West are fundamentally changing. Turning away from the military as an omnibus tool of aggression, hostile governments are instead frequently using tools-including ...subversive economics, coercion of foreign companies, gradual border violations, cyberattacks, disinformation, and arbitrary detention of foreign citizens-that are often difficult for targeted countries to immediately identify, let alone tackle. Nonmilitary aggression is easy, inexpensive, and alarmingly effective. Businesses - American and foreign - have already suffered significant financial losses because of gray-zone attacks.In The Defender's Dilemma, international security expert Elisabeth Brawer offers the first sustained analysis of how these tactics in the gray zone between war and peace dangerously weaken liberal democracies, which are open societies by definition and intimately connected to the rest of the world through globalization. She discusses the breadth of gray-zone aggression and presents strategies for better defense against it. These strategies involve not just governments but also civil society, a largely untapped resource.
Japan is emerging as a more prominent global and regional military power, defying traditional categorisations of a minimalist contribution to the US-Japan alliance, maintaining anti-militarism, ...seeking an internationalist role, or carving out more strategic autonomy. Instead, this Element argues that Japan has fundamentally shifted its military posture over the last three decades and traversed into a new categorisation of a more capable military power and integrated US ally. This results from Japan's recognition of its fundamentally changing strategic environment that requires a new grand strategy and military doctrines. The shift is traced across the national security strategy components of Japan Self-Defence Forces' capabilities, US-Japan alliance integration, and international security cooperation. The Element argues that all these components are subordinated inevitably to the objectives of homeland security and re-strengthening the US-Japan alliance, and thus Japan's development as international security partner outside the ambit of the bilateral alliance remains stunted. This title is also available as Open Access on Cambridge Core.
The proliferation of the Bring Your Own Device (BYOD) policy has instigated a widespread change across organizations. However, employees' compliance toward BYOD security policy remains a challenge. ...Building on the organizational control, security culture, and social cognitive theory, a research framework for analyzing BYOD security policy compliance factors was developed in this study. To validate the framework, 346 responses were obtained from three Critical National Information Infrastructure (CNII) agencies. Using Partial Least Square-Sequential Equation Modelling (PLS-SEM), the study confirmed that perceived mandatoriness, self-efficacy, and psychological ownership are influential in predicting BYOD security policy compliance. Specification of policy is associated with perceived mandatoriness. Self-efficacy is associated with both BYOD IT support and SETA. Further, security culture was found to have no significant relationship with BYOD security policy compliance.
