Abstract
Methods for evaluating and effectively managing the security behavior of employees.
Index Terms
- Does deterrence work in reducing information security policy abuse by employees?