Article Preview
TopIntroduction
Protecting information security has been a critical business objective of modern organisations (Crossler et al., 2013). However, this objective is also commonly perceived by the employees as a non-task that is irrelevant to their daily work, thus discourages their security duties and actions (M. Siponen & Vance, 2010; von Solms & von Solms, 2004). Worse still, employees facing with a dilemma of achieving job performance and being required to comply with security policy were even found to engage in security violations in exchange for getting their main job done (Guo, Yuan, Archer, & Connelly, 2011). Therefore, the end-users have remained as a weakest link in the security chain, and organisations are advised to leverage the end-users’ security awareness to prevent information security incidents (Bulgurcu, Cavusoglu, & Benbasat, 2010; Safa & Von Solms, 2016; Sommestad, Karlzén, & Hallberg, 2015).
Among a plethora of the factors that contribute to end-users’ security compliance, sharing information security advice is an emerging topic that holds important implications (Dang-Pham, Pittayachawan, & Bruno, 2016; Safa & Von Solms, 2016; Tamjidyamcholo, Bin Baba, Shuib, & Rohani, 2014). For instance, Tamjidyamcholo et al. (2014) discussed that sharing security advice between organisations may reduce their expenses in information security. At the individual-level, active sharing security advice in a workplace helps to diffuse security awareness as well as prevent re-inventing the same security practices, so that security managers can better invest their time and budget in more important matters (Dang-Pham et al., 2016; Safa & Von Solms, 2016).
Prior research has investigated sharing security advice in two different approaches. For example, (Tamjidyamcholo et al., 2014) and (Safa & Von Solms, 2016) determined the contributing factors of the sharing act by testing theoretically-based models that focus on the end-user’s cognition and behaviour. In contrast, (Dang-Pham et al., 2016) analysed the sharing act in the network form of interactions between individuals. They explored and compared the structural features of sharing security advice network with core organisational networks such as exchange of work advice and trust, and used network regression test to assess the networks’ relationships (Dang-Pham et al., 2016).
This study employs exponential random graph modeling method to test theoretically-based hypotheses and predict the occurrence of sharing security advice based on team collaboration among the employees in multiple teams of an international university. We aim to evaluate the effects of the salient team collaborative activities that result in sharing security advice, as well as statistically assess the structural features of the sharing security advice network. Ultimately, we will answer the following research questions: