Effects of Team Collaboration on Sharing Information Security Advice: Insights from Network Analysis

Active sharing of information security advice among the employees has undeniable implications for developing a sustainable security environment. This research examines this topic from the network perspective, and focuses on the work relationships that promote sharing security advice. Exponential random graph modeling technique was employed to evaluate the relationship between team collaborative activities and sharing security advice. The findings revealed that those who share security advice also tend to give workand IT-related knowledge. Moreover, employees who have similar tenure tend to exchange security advice with each other more. Furthermore, the network of sharing security advice is transitive and has a tendency to form separate clusters. Security managers are suggested to take into account the research findings to identify key employees who frequently share security advice in the workplace and devise appropriate strategies to manage them. KEywoRdS Behavioural Security Network, Exponential Random Graph Modeling, Information Security Behaviour, Information Security Management, Social Network Analysis INTRodUCTIoN Protecting information security has been a critical business objective of modern organisations (Crossler et al., 2013). However, this objective is also commonly perceived by the employees as a non-task that is irrelevant to their daily work, thus discourages their security duties and actions (M. Siponen & Vance, 2010; von Solms & von Solms, 2004). Worse still, employees facing with a dilemma of achieving job performance and being required to comply with security policy were even found to engage in security violations in exchange for getting their main job done (Guo, Yuan, Archer, & Connelly, 2011). Therefore, the end-users have remained as a weakest link in the security chain, and organisations are advised to leverage the end-users’ security awareness to prevent information security incidents (Bulgurcu, Cavusoglu, & Benbasat, 2010; Safa & Von Solms, 2016; Sommestad, Karlzén, & Hallberg, 2015). Among a plethora of the factors that contribute to end-users’ security compliance, sharing information security advice is an emerging topic that holds important implications (Dang-Pham, Pittayachawan, & Bruno, 2016; Safa & Von Solms, 2016; Tamjidyamcholo, Bin Baba, Shuib, & Rohani, 2014). For instance, Tamjidyamcholo et al. (2014) discussed that sharing security advice between organisations may reduce their expenses in information security. At the individual-level, active sharing security advice in a workplace helps to diffuse security awareness as well as prevent re-inventing the same security practices, so that security managers can better invest their time and budget in more important matters (Dang-Pham et al., 2016; Safa & Von Solms, 2016).