The Importance of Security is in the Eye of the Beholder: Cultural, Organizational, and Personal Factors Affecting the Implementation of Security by Design

By: Arizon-Peretz R., Hadar I., Luria G.
Published in: IEEE Transactions on Software Engineering
SDGs: SDG 13 | Units: Social Welfare & Health Sciences | Time: 2021
Description: Abstract: Security by design is a recommended approach, addressing end-to-end security and privacy in the design of software systems. To realize this approach, proactive security behavior is required from software developers. This research follows results from previous studies that suggest that personal and organizational characteristics influence security-related behaviors during the software design process. The research is aimed at gaining an in-depth understanding of proactive security behavior and the factors affecting it. Leveraging organization climate theory from organizational psychology, we propose a theoretical model, detailing different factors and their relations with proactive security behavior and test it in empirical settings. The empirical study was conducted in collaboration with an internationally distributed information technology enterprise and included a survey questionnaire completed by 499 software developers working in 7 countries. The results of the survey confirm the moderation-mediation relations in the proposed model, revealing that organizational security climate and security self-efficacy are both positively associated with proactive security behavior, organizational security climate is positively associated with security self-efficacy, and cultures promoting individualism moderate the relationship between organizational security climate and security self-efficacy, thus impeding proactive security behavior. The body of knowledge of organizational psychology points to directions that can effectively be activated for improvement.