User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Authors

  • John D'Arcy
  • Anat Hovav
  • Dennis F. Galletta
Abstract

Insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50%–75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions varies based on one’s level of morality. Implications for the research and practice of IS security are discussed.

Similar resources

The Role of Individual Characteristics on the Effectiveness of IS Security Countermeasures

General deterrence theory suggests that deterrent security countermeasures (e.g., security policies, security awareness programs, security software) can be used to control IS misuse in organizations. However, empirical studies that have examined the effectiveness of such techniques have produced inconclusive results. A limitation of these studies is that they ignore the impacts of sanction perc...

Understanding Organization Employee's Information Security Omission Behavior: an Integrated Model of Social norm and Deterrence

Employee's information security behavior is critical to ensure the security of organization's information assets. Countermeasures, such as information security policies, are helpful to reduce computer abuse and information systems misuse. However, employees in practice tend to engage in these violation behaviors, although they know policies and countermeasures. Undoubtedly, these omission behav...

A model for information security compliant behaviour in the healthcare context

Healthcare professionals are dedicated to maintaining the confidentiality of patient information but are resistant to maintaining an information security compliant environment within a health information system. In this paper, a literature review is used to gain knowledge about the factors that affect this information security compliance. An overview of the security threats and those specific t...

Examining the Role of Organizational Password Security Policies in Individual Password Security Behaviors

Organizations typically construct computer access password policies that request or require employees to create “strong” passwords. Challenges arise for these employees in attempting to conform to a long list of difficult and potentially conflicting criteria. This dissertation research-in-progress uses concepts from Behavioral Reasoning Theory, General Deterrence Theory, and other theories to e...

Journal title:
  • Information Systems Research

Volume 20  Issue 

Pages  -

Publication date 2009