{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,2]],"date-time":"2025-08-02T18:18:40Z","timestamp":1754158720668,"version":"3.41.2"},"reference-count":35,"publisher":"Emerald","issue":"4","license":[{"start":{"date-parts":[[2021,4,5]],"date-time":"2021-04-05T00:00:00Z","timestamp":1617580800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ICS"],"published-print":{"date-parts":[[2021,10,26]]},"abstract":"<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Purpose<\/jats:title>\n<jats:p>This paper aims to present the development of a framework for evaluating group behaviour in information security in practice.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Design\/methodology\/approach<\/jats:title>\n<jats:p>Information security behavioural threshold analysis is used as the theoretical foundation for the proposed framework. The suitability of the proposed framework is evaluated based on two sets of qualitative measures (general frameworks and information security frameworks) which were identified from literature. The successful evaluation of the proposed framework, guided by the identified evaluation measures, is presented in terms of positive practical applications, as well as positive peer review and publication of the underlying theory.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Findings<\/jats:title>\n<jats:p>A methodology to formalise a framework to analyse group behaviour in information security can successfully be applied in a practical environment. 
This application takes the framework from only a theoretical conceptualisation to an implementable solution to evaluate and positively influence information security group behaviour.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Practical implications<\/jats:title>\n<jats:p>Behavioural threshold analysis is identified as a practical mechanism to evaluate information security group behaviour. The suggested framework, as implemented in a management decision support system (DSS), allows practitioners to assess the security behaviour and awareness in their organisation. The resulting information can be used to exert an influence for positive change in the information security of the organisation.<\/jats:p>\n<\/jats:sec>\n<jats:sec>\n<jats:title content-type=\"abstract-subheading\">Originality\/value<\/jats:title>\n<jats:p>A novel conceptual mapping of two sets of qualitative evaluation measures is presented and used to evaluate the proposed framework. 
The resulting framework is made practical through its encapsulation in a DSS.<\/jats:p>\n<\/jats:sec>","DOI":"10.1108\/ics-11-2020-0180","type":"journal-article","created":{"date-parts":[[2021,4,6]],"date-time":"2021-04-06T08:19:21Z","timestamp":1617697161000},"page":"589-603","source":"Crossref","is-referenced-by-count":2,"title":["Collective information security behaviour: a technology-driven framework"],"prefix":"10.1108","volume":"29","author":[{"given":"Dirk P.","family":"Snyman","sequence":"first","affiliation":[]},{"given":"Hennie","family":"Kruger","sequence":"additional","affiliation":[]}],"member":"140","published-online":{"date-parts":[[2021,4,5]]},"reference":[{"key":"key2021102306412765600_ref001","doi-asserted-by":"crossref","first-page":"567","DOI":"10.1016\/j.chb.2015.03.054","article-title":"Design and validation of information security culture framework","volume":"49","year":"2015","journal-title":"Computers in Human Behavior"},{"issue":"sup1","key":"key2021102306412765600_ref002","doi-asserted-by":"crossref","first-page":"173","DOI":"10.1080\/12460125.2018.1468177","article-title":"Decision support for selecting information security controls","volume":"27","year":"2018","journal-title":"Journal of Decision Systems"},{"key":"key2021102306412765600_ref003","first-page":"5085","article-title":"An exploratory study of current information security training and awareness practices in organizations","volume-title":"51st HI International Conference on System Sciences","year":"2018"},{"issue":"3","key":"key2021102306412765600_ref004","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1002\/nem.472","article-title":"Development of security policies for private networks","volume":"13","year":"2003","journal-title":"International Journal of Network Management"},{"volume-title":"The Approval 
Motive","year":"1964","key":"key2021102306412765600_ref005"},{"key":"key2021102306412765600_ref006","doi-asserted-by":"crossref","first-page":"13","DOI":"10.1016\/j.dss.2016.02.012","article-title":"Decision support approaches for cyber security investment","volume":"86","year":"2016","journal-title":"Decision Support Systems"},{"issue":"7","key":"key2021102306412765600_ref007","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1016\/S1361-3723(13)70062-9","article-title":"Plugging the cyber-security skills gap","volume":"2013","year":"2013","journal-title":"Computer Fraud and Security"},{"issue":"6","key":"key2021102306412765600_ref008","doi-asserted-by":"crossref","first-page":"1420","DOI":"10.1086\/226707","article-title":"Threshold models of collective behavior","volume":"83","year":"1978","journal-title":"American Journal of Sociology"},{"issue":"1","key":"key2021102306412765600_ref009","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1186\/1748-5908-7-50","article-title":"Knowledge translation of research findings","volume":"7","year":"2012","journal-title":"Implementation Science"},{"volume-title":"I Will If You Will: Individual Thresholds and Group behavior \u2013 Applications of Algebra to Group Behavior","year":"1983","key":"key2021102306412765600_ref010"},{"issue":"7150","key":"key2021102306412765600_ref011","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1136\/bmj.317.7150.72","article-title":"Making better use of research findings","volume":"317","year":"1998","journal-title":"BMJ"},{"issue":"3","key":"key2021102306412765600_ref012","first-page":"186","article-title":"It takes a village: understanding the collective security efficacy of employee groups","volume":"20","year":"2019","journal-title":"Journal of the Association for Information Systems"},{"issue":"2","key":"key2021102306412765600_ref013","doi-asserted-by":"crossref","first-page":"139","DOI":"10.1016\/S0268-4012(02)00105-6","article-title":"An integrative study of 
information systems security effectiveness","volume":"23","year":"2003","journal-title":"International Journal of Information Management"},{"issue":"Supplement 1","key":"key2021102306412765600_ref014","doi-asserted-by":"crossref","first-page":"S18","DOI":"10.1097\/XEB.0000000000000195","article-title":"Implementing research findings into practice: frameworks and guidance","volume":"17","year":"2019","journal-title":"International Journal of Evidence-Based Healthcare"},{"issue":"3","key":"key2021102306412765600_ref015","doi-asserted-by":"crossref","first-page":"149","DOI":"10.1136\/qshc.7.3.149","article-title":"Enabling the implementation of evidence based practice: a conceptual framework","volume":"7","year":"1998","journal-title":"Quality and Safety in Health Care"},{"key":"key2021102306412765600_ref016","first-page":"1","article-title":"Mobile information security awareness among students in higher education: an exploratory study","volume-title":"2020 Conference on Information Communications Technology and Society (ICTAS)","year":"2020"},{"key":"key2021102306412765600_ref017","first-page":"65","article-title":"Review of behavioural theories in security compliance and research challenge","volume-title":"Informing Science and Information Technology Education Conference, Vietnam","year":"2017"},{"issue":"1","key":"key2021102306412765600_ref018","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1080\/00224545.1984.9924522","article-title":"The reliability of short social desirability scales","volume":"123","year":"1984","journal-title":"The Journal of Social Psychology"},{"issue":"1","key":"key2021102306412765600_ref019","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1002\/1097-4679(198201)38:1<119::AID-JCLP2270380118>3.0.CO;2-I","article-title":"Development of reliable and valid short forms of the Marlowe-Crowne social desirability scale","volume":"38","year":"1982","journal-title":"Journal of Clinical Psychology"},{"volume-title":"Diffusion of 
Innovations","year":"2010","key":"key2021102306412765600_ref020"},{"key":"key2021102306412765600_ref021","first-page":"4885","article-title":"To calculate or to follow others: how do information security managers make investment decisions?","volume-title":"52nd HI International Conference on System Sciences","year":"2019"},{"key":"key2021102306412765600_ref022","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1016\/j.cose.2015.01.002","article-title":"Personality, attitudes, and intentions: predicting initial adoption of information security behavior","volume":"49","year":"2015","journal-title":"Computers and Security"},{"issue":"1","key":"key2021102306412765600_ref023","doi-asserted-by":"crossref","first-page":"253","DOI":"10.1177\/0972150917721836","article-title":"Information security management practices: case studies from India","volume":"20","year":"2019","journal-title":"Global Business Review"},{"issue":"2","key":"key2021102306412765600_ref024","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1108\/ICS-03-2017-0015","article-title":"The application of behavioural thresholds to analyse collective behaviour in information security","volume":"25","year":"2017","journal-title":"Information and Computer Security"},{"key":"key2021102306412765600_ref025","first-page":"39","article-title":"Optical polling for behavioural threshold analysis in information security","volume-title":"International Conference on Information and Knowledge Engineering (IKE'17)","year":"2017"},{"issue":"11","key":"key2021102306412765600_ref026","first-page":"1","article-title":"Behavioural threshold analysis: methodological and practical considerations for applications in information security","volume":"38","year":"2019","journal-title":"Behaviour and Information Technology"},{"key":"key2021102306412765600_ref027","first-page":"205","article-title":"Theorising on information cascades and sequential decision-making for analysing security behaviour","volume-title":"5th 
International Conference on Information Systems Security and Privacy (ICISSP2019)","year":"2019"},{"key":"key2021102306412765600_ref028","first-page":"185","article-title":"External contextual factors in information security behaviour","volume-title":"6th International Conference on Information Systems Security and Privacy","year":"2020"},{"article-title":"Information security behavioural threshold analysis in practice: an implementation framework","volume-title":"Advances in Information and Communication Technology: Proceedings of the 14th IFIP WG 11.12 International Symposium","year":"2020","key":"key2021102306412765600_ref029"},{"article-title":"A management decision support system for evaluating information security behaviour","volume-title":"Information and Cyber Security \u2013 18th International Conference, ISSA 2019Proceedings. 1st ed","year":"2020","key":"key2021102306412765600_ref030"},{"issue":"3","key":"key2021102306412765600_ref031","doi-asserted-by":"crossref","first-page":"290","DOI":"10.1108\/ICS-03-2018-0034","article-title":"I shall, we shall, and all others will: paradoxical information security behaviour","volume":"26","year":"2018","journal-title":"Information and Computer Security"},{"issue":"4","key":"key2021102306412765600_ref032","first-page":"344","article-title":"The theory of planned behavior and information security policy compliance","volume":"59","year":"2017","journal-title":"Journal of Computer Information Systems"},{"issue":"5\/6","key":"key2021102306412765600_ref033","first-page":"207","article-title":"Investigating information security awareness: research and practice gaps","volume":"17","year":"2008","journal-title":"Information Security Journal: A Global Perspective"},{"issue":"4","key":"key2021102306412765600_ref034","first-page":"40","article-title":"Faking it: social desirability response bias in self-report research","volume":"25","year":"2008","journal-title":"The Australian Journal of Advanced 
Nursing"},{"issue":"2","key":"key2021102306412765600_ref035","doi-asserted-by":"crossref","first-page":"118","DOI":"10.1108\/ICS-03-2017-0013","article-title":"Organisational culture, procedural countermeasures, and employee security behaviour: a qualitative study","volume":"25","year":"2017","journal-title":"Information and Computer Security"}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-11-2020-0180\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-11-2020-0180\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:20Z","timestamp":1753406600000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/29\/4\/589-603\/105397"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,4,5]]},"references-count":35,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2021,4,5]]},"published-print":{"date-parts":[[2021,10,26]]}},"alternative-id":["10.1108\/ICS-11-2020-0180"],"URL":"https:\/\/doi.org\/10.1108\/ics-11-2020-0180","relation":{},"ISSN":["2056-4961","2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"},{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2021,4,5]]}}}