Enhancing Participatory Security Culture in Public Institutions: An Analysis of Organizational Employees' Security Threat Recognition Processes

Abstract

This study recognizes the importance of employees' behavior in influencing the effectiveness of security alternatives despite the technical factors being well-established. As such, the study proposes a novel approach to reinforce security among employees, beginning with a practical case pertaining to their security compliance behavior. Utilizing the technology threat avoidance theory (TTAT) and the trust-risk model, the study explains the process by which employees voluntarily comply with information security policies upon perceiving a malware threat. It seeks to achieve this goal by employing a vignette experiment investigating how employees manage IT threats and conducting an empirical analysis of the factors impacting their compliance behavior with security policies in the context of malware threats. The findings indicate that raising employees' awareness of effective protective measures is critical in preventing or controlling malware while recognizing an appropriate threat level can enhance the persuasiveness of risk. By validating the proposed framework, this study could enable organizations to identify effective information security measures, thereby enhancing security culture reinforcement strategies to support sustainable growth. Future studies in different organizations could potentially increase the validity and generalizability of the findings.