Annual Meeting Contributed Papers 2009 START Conference Manager    

Human Information Security Behaviors: Differences Across Geographies and Cultures in a Global User Survey

Lance Hayden

(Submission #2)


Information security is increasingly important in networked organizations. The need to protect data from loss, alteration, and corruption requires organizations to develop complex and expensive organizational and technological infrastructures. Much research exists regarding these constructs but research into the human information behaviors associated with information security is underdeveloped. This lack of research into human information security behaviors results in the privileging of technological and top-down policy frameworks and practices for managing information security.

The multinational scope of many corporations and other organizations presents a challenge to information security requirements. Perhaps due to the gap in researching human information security behaviors, users within organizations tend to be treated monolithically for information security purposes. In extreme cases users are discounted completely and security is a function addressed only within technology systems. The concept of different human information behaviors, perhaps culturally or geographically influenced, is often not recognized in a majority of organizations, even those working diligently to improve their information security.

In 2008 Cisco Systems, a multinational networking company, commissioned a global survey of information technology users and management that specifically examined human information security behaviors. The publicly available results of this survey indicate that cultural and geographical factors do play a role in how users conceptualize and practice information security, although these findings were not fully explored by the survey. This paper undertakes a detailed and theoretically grounded examination of the results of the survey from a human information behavior perspective. The purpose of the paper is to analyze the relationship between a global workforce and the often monolithic security infrastructures imposed by organizations, which often privilege a single cultural approach to security. The paper proposes alternative, user-centric, security models that incorporate cultural and geographical dynamics for the improvement of information security practice.

START Conference Manager (V2.54.6)