Безопасность информационных технологий (Sep 2024)

Improving non-compliant information security behavior using algorithms

  • Kennedy Njenga,
  • Cosmas Ngwenya

DOI
https://doi.org/10.26583/bit.2024.3.02
Journal volume & issue
Vol. 31, no. 3
pp. 64 – 82

Abstract

This study explores the prevalent issue of non-compliance with information security policies (ISPs) within organizations and offers a practical approach by which organizations can monitor such non-compliance. By crowdsourcing artificial intelligence (AI) driven algorithms from a well-known and popular public site and applying the Design Science Research (DSR) approach, this work offers a way for organizations to monitor non-compliance in real time, with the proposed AI-driven algorithm prompting behavior that fosters better compliance. The research integrates principles embedded in the Theory of Planned Behavior (TPB) into two algorithms, with results showing that algorithm 2, which applies a binary classification model, generates prompts that are more efficient in eliciting desired compliance than algorithm 1. The study's practical significance lies in the crowdsourcing appeal, where readily available and cost-effective resources may reach ordinary organizations. The study contributes to the field by exploring AI-driven algorithms and crowdsourcing, and by addressing challenges related to user attitudes, subjective norms, and perceived behavioral control. The study concludes by acknowledging limitations, proposing future research directions, and highlighting its valuable contribution to understanding and addressing non-compliant behavior.

Keywords