A Conceptual Framework of Empowering Knowledge-Workers to Enact Security Practices

Abstract: With the requirements of security laws and/or the increasingly revealed number of information security incidents, many organizations have developed and implemented security policy to comply with legal requirements and to promote security practices to knowledge-workers who legitimately use the organizations’ information systems to analyze or interpret data. However, non-compliance behavior of these knowledge-workers or insiders were still listed as a most likely source of security attack. Based on information security management and psychological empowerment literatures, this study proposed a framework that linked knowledge-workers’ environment to their psychological empowerment, security practices, and to security outcomes. The framework viewed knowledge-workers’ enactment of security practices as an experiential learning process that followed an observe-assess-design-implement (OADI) cycle of individual learning. The study argued that organizations should nurture an environment where knowledge-workers could be intrinsically motivated to enact security practices to their work. Psychological empowerment played a critical role in this process.

Full-text Available: PDF

Authors: Xiaodong Deng