Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model

Guo, Ken H.; Yuan, Yufei; Archer, Norm; Connelly, Catherine E.

doi:10.2753/mis0742-1222280208

Cited by 301 publications

(193 citation statements)

References 73 publications

Supporting

Mentioning

187

Contrasting

Unclassified

Order By: Relevance

“…In addition, most current studies examine users' rationality, cognition or characteristics. For example, several studies adopted a utilitarian approach for deterring misuse behavior (e.g., [10], [41]). This is because many misuse studies are rooted in deterrence theory (e.g., [5], [17]).…”

Section: Introductionmentioning

confidence: 99%

How Espoused Culture Influences Misuse Intention: A Micro-Institutional Theory Perspective

Hovav¹

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

Section: Introductionmentioning

confidence: 99%

How Espoused Culture Influences Misuse Intention: A Micro-Institutional Theory Perspective

Hovav¹

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

show abstract

“…Moreover, there are several reasons for the knowing-doing gap; first, the inevitable loss of efficiency and productivity particularly when using automated and mandatory security measures. For instance, the system that restricts acceptable passwords for a designated range of characters or numeric or a firewall configuration that might affect the communication and encryption process that could impact productivity [18], [25]. The other reason why employees do not follow certain guidelines that relate to information security policies are due to unpredictable, rare and unusual circumstances.…”

Section: A Unintentional Insider's Threat To Organizationmentioning

confidence: 99%

“…Moreover, the activities of omissive security behaviour are also influenced by workgroup norms. It refers to people in the same workgroup, including supervisors and peers who have more influence on enduser behaviour [18]. In other words, they might be unaware or not concerned with behavioural ethics as long as they are doing the same thing as their peers.…”

Section: A Unintentional Insider's Threat To Organizationmentioning

confidence: 99%

“…Meanwhile, the capacity factor represents the level of skill possessed by internal individuals who need to access and monitor the IT system. Furthermore, unintentional insider threats could be classified into three types, namely human error [16], omissive security behaviour [17], [18] and shadow IT [19], [20]. Human error refers to carelessness or negligence such as accidental disclosure of information, loss of data storage, disposal of data that is not in accordance with procedures, use and maintenance.…”

Section: A Unintentional Insider's Threat To Organizationmentioning

confidence: 99%

See 1 more Smart Citation

Mitigation Strategies for Unintentional Insider Threats on Information Leaks

Ismail¹,

Yusof²

2018

IJSIA

View full text Add to dashboard Cite

show abstract

“…Recent IS security research has devoted considerable efforts to investigating factors affecting employees' security behaviors through a plethora of theoretical lens, including General Deterrence Theory [17,24,39,41,71,72], Protection Motivation Theory [2,9,19,39,47,67], Rational Choice Theory [13,41], Reactance and Justice Theory [52,53,57,77], Accountability Theory [75,76], Theory of Reasoned Action [37,67], Cognitive Evaluation Theory [67], Coping Theory [23], Compliance Theory [17], Neutralization Theory [68], and Principal Agent Theory [38].…”

Section: Is Security Behaviorsmentioning

confidence: 99%