Content area
Full Text
ABSTRACT
Information security is integral to creating competitive advantage in business today, particularly in light of the increasing number of security breaches made possible through technological advances. The purpose of this research is to help in understanding and developing types of information security in businesses based on employee perceptions. The study examines the types of employee perceptions of information security within companies. To create useful perception types, this study conducted a review of the literature and gathered data from the managers and employees of some companies in Taiwan, using a questionnaire and interviews incorporating 36 Q questions. The study used Q methodology to analyze the data collected. The Q process yielded 22 valid responses from an initial sample of 30. Based on the results, the study identifies four types of employee perceptions with regard to information security: conception installment (Type 1), mechanism monitoring (Type 2), employee controlling (Type 3), and software monitoring (Type 4). The study summarizes the demographics, statements, and possible implications of each type, along with references for each. The results provide a reference for companies seeking to better understand their employees' perceptions of information security and to evaluate methods they have adopted with regard to ensuring information security.
Keywords: Information security, perception types, Q methodology, perception, sorting
1. INTRODUCTION
In the last few years, there has been an increase in the number of information security events [Sveen, Sarriegi, Rich, and Gonzalez, 2007]. These information security problems have become large issues that threaten organizational operations [Knapp, Marshall, Rainer, and Ford, 2006]. Security matters, therefore, have become an integral part of organizations and the focus of much concern regarding measures that can be taken to ensure that the organizations are fully and properly secured [Saint-Germain, 2005; Vroom and Von Solms, 2004]. Because it is crucial to secure the organization's information and other assets, organizations take information technology and the resulting security seriously [Vroom and Von Solms, 2004].
Some studies have developed observational theoretical models that use managerial constructs to look at information security [Knapp et al., 2006; Kankanhalli, Hock-Hai, Bernard, and Kwok-Kee, 2003]. For example, Hagen, Albrechtsen, and Hovden [2008] have developed technical-administrative security measures, such as security policies, procedures, and methods. In addition, Ma, Johnston, and Pearson [2008] have suggested a...