A grounded theory study of information security practices of software development outsourcing SME personnel in the Philippines
Information security in this digital age is increasingly becoming more of a social problem rather than a technical problem because users are viewed as the weakest link due to their negligence and ignorance. The need for finding out what interrupts one’s intention to comply with Information Security...
Saved in:
| Main Author: | |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Animo Repository
2019
|
| Subjects: | |
| Online Access: | https://animorepository.dlsu.edu.ph/etd_doctoral/1501 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | De La Salle University |
| Language: | English |
| Summary: | Information security in this digital age is increasingly becoming more of a social problem rather than a technical problem because users are viewed as the weakest link due to their negligence and ignorance. The need for finding out what interrupts one’s intention to comply with Information Security Policies arouse. However, most of the studies are focused on the behavioral intention rather than the actual behavior. Through this research, it was able to uncover the main concern of the employees in the context of Software Development Outsourcing SMEs using the Classic Grounded Theory Method. It was discovered that the main concern of the employees is balancing their security and convenience and they resolve this through Security-Convenience Maturity. There are two dimensions for this core category, which are process dimension and type dimension. The first one refers to the Basic Social Process, where employees can transition from Low Maturity to High Maturity through various Techniques. These are Adopting, Understanding, Involving, and Informing. The latter refers to two types of actors, which are Managers and Non-Managers. Their actions can be categorized as Workarounds that can be further classified as Physical Security, Network Security, and Application Security. The Security-Convenience Maturity had uncovered that there are Sophisticated Workarounds that can help the management, information security professionals, and policy makers in improving the existing information security policies, standards, and technologies. |
|---|