The Importance of Security Is in the Eye of the Beholder: Cultural, Organizational, and Personal Factors Affecting the Implementation of Security by Design

Research output: Contribution to journal › Article › peer-review

Abstract

Security by design is a recommended approach, addressing end-to-end security and privacy in the design of software systems. To realize this approach, proactive security behavior is required from software developers. This research follows results from previous studies that suggest that personal and organizational characteristics influence security-related behaviors during the software design process. The research is aimed at gaining an in-depth understanding of proactive security behavior and the factors affecting it. Leveraging organization climate theory from organizational psychology, we propose a theoretical model, detailing different factors and their relations with proactive security behavior, and test it in empirical settings. The empirical study was conducted in collaboration with an internationally distributed information technology enterprise and included a survey questionnaire completed by 499 software developers working in seven countries. The results of the survey confirm the moderation-mediation relations in the proposed model, revealing that organizational security climate and security self-efficacy are both positively associated with proactive security behavior, organizational security climate is positively associated with security self-efficacy, and cultures promoting individualism moderate the relationship between organizational security climate and security self-efficacy, thus impeding proactive security behavior. The body of knowledge of organizational psychology points to directions that can effectively be activated for improvement.

Original language: English
Pages (from-to): 4433-4446
Number of pages: 14
Journal: IEEE Transactions on Software Engineering
Volume: 48
Issue number: 11
State: Published - 1 Nov 2022

Bibliographical note

Publisher Copyright:
© 1976-2012 IEEE.

Keywords

  • Human factors in software design
  • organizational impacts
  • security protection
  • social and behavioral sciences

ASJC Scopus subject areas

  • Software
