Abstract
PurposeThe aim of this study was to explore the organizational and social prerequisites for employees' participative and rule-compliant information security behaviour in Swedish nuclear power production and its related industry. These industries are high-risk activities that must be meticulously secured. Protecting the information security in the related organizations is an essential aspect of this.Design/methodology/approachIndividual in-depth interviews were conducted with 24 employees in two organizations within the nuclear power industry in Sweden.FindingsWe found that prerequisites for employees' participative and rule-compliant information security behaviour could be categorized into structural, social and individual aspects. Structural aspects included well-adapted rules, knowledge support and resources. Social aspects included a supportive organizational culture, collaboration and adequate resources, and individual aspects included individual responsibility.Originality/valueThe qualitative approach of the study provided comprehensive descriptions of the identified preconditions. The results may thus enable organizations to better promote conditions important for information security in a high-risk industry.
Highlights
Protecting the safety of people and assets by limiting the risk of accidents is fundamental to any society
3.1 Structural aspects This section is divided into the following sub-sections: Well-adapted and fully accepted rules, Education and well-adapted knowledge support and Adequate resources
The current study explored the prerequisites for employees’ participative and rule-compliant behaviour for protecting information security in organizations in nuclear power production and its related industry
Summary
Protecting the safety of people and assets by limiting the risk of accidents is fundamental to any society. A prerequisite for this is to do what can be done to eliminate unintended events. Such safety is dependent on protection from wilfully destructive acts. Not least in a highly digitalized world, access to information by unauthorized parties may put central societal functions at risk. Nuclear power energy production and its related industrial functions are high-risk activities that must be rigorously secured. An essential part of this is protecting the information security in the related organizations. High-risk industries have been defined as industries where work processes involve substantial risk for people and the environment, with vast potential for either major accidents as in nuclear power generation,
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
