Options
Reducing Insider Computer Abuse: Influence of contextual events
Type
applied research project
Start Date
01 February 2016
End Date
31 January 2019
Status
ongoing
Keywords
Insider computer abuse
Health Belief Model
Warnings
organisational IT security
information security
Employee compliance
Description
Emotions, disgruntlement as result of organizational injustice and ignorance of warning communication, to the best of our knowledge, have not been yet addressed in the IS security literature. Indeed, numerous studies have focused on the security behavior of employees, but little attention has been paid to the phenomena which temporally precedes insider computer abuse. These contextual events represent an important area where new theoretical insights are needed to understand how we can influence the efficacy of deterrence safeguards and consequently, improve employee’s compliance.
Overall, this research proposal seeks to study the three contextual events (ignorance of warning communication, emotions, and disgruntlement), using theory-based methods, and measuring their effects on employee’s behavior.
Finally, based on theories of communication and persuasion, such as the Health Beliefs Model, or Equity and Appraisal Theories, this study proposes that employees who pay attention to contextual events may be more persuaded to behave securely which would reduce the insider computer abuse. Thus, this leads to our research questions:
RQ1. How different forms of employee computer abuse that result from different forms of injustice, will be equally deferrable?
RQ2. How is the insider computer abuse phenomenon influenced by strong emotions?
RQ3. Do emotions moderate the threat of sanctions created by IS security deterrent safeguards?
RQ4. How may warning message content, based on theory, affect adherence especially when users pay attention to the content of the warning message?
RQ5. What communication and persuasion triggers are positively associated with user’s intention to be compliant?
RQ6. How can warnings lead to a higher effectiveness of sanction threats when it comes to the progression, reduction in frequency and decrease in duration of the security incident.
RQ7. Which textual treatments are effective in eliciting user compliance?
RQ8. Which motivational cues affect individuals the most in their decision making process?
Overall, this research proposal seeks to study the three contextual events (ignorance of warning communication, emotions, and disgruntlement), using theory-based methods, and measuring their effects on employee’s behavior.
Finally, based on theories of communication and persuasion, such as the Health Beliefs Model, or Equity and Appraisal Theories, this study proposes that employees who pay attention to contextual events may be more persuaded to behave securely which would reduce the insider computer abuse. Thus, this leads to our research questions:
RQ1. How different forms of employee computer abuse that result from different forms of injustice, will be equally deferrable?
RQ2. How is the insider computer abuse phenomenon influenced by strong emotions?
RQ3. Do emotions moderate the threat of sanctions created by IS security deterrent safeguards?
RQ4. How may warning message content, based on theory, affect adherence especially when users pay attention to the content of the warning message?
RQ5. What communication and persuasion triggers are positively associated with user’s intention to be compliant?
RQ6. How can warnings lead to a higher effectiveness of sanction threats when it comes to the progression, reduction in frequency and decrease in duration of the security incident.
RQ7. Which textual treatments are effective in eliciting user compliance?
RQ8. Which motivational cues affect individuals the most in their decision making process?
Leader contributor(s)
Funder(s)
Range
Institute/School
Range (De)
Institut/School
Division(s)
Eprints ID
247333
Reference Number
2200381
5 results
Now showing
1 - 5 of 5
-
PublicationDeterrent Effects of Warnings on User’s Behavior in Preventing Malicious Software Use(Proceedings of the 50th Annual Hawaii International Conference on System Sciences (HICSS), 2017-01-06)Type: conference paper
-
PublicationImpact of Gamification on User’s Knowledge-Sharing Practices:Relationships between Work Motivation, Performance Expectancy and Work Engagement(Proceedings of the 50th Annual Hawaii International Conference on System Sciences (HICSS), 2017-01-07)Type: conference paper
-
PublicationHealth Belief Model and Organizational Employee Computer Abuse(Springer, 2018)
;Njavro, Mato ;Silic, Dario ;Oblakovic, Goran ;Nah, Fiona Fui-HoonXiao, Bo SophiaThis study is set out to examine the determinants that drive preventive/protective as well as abusive behaviors among employees in the context of information security by extending the health belief model - a model set out to explain and predict healthy behaviors in human beings. A field experiment, accompanied by online surveys in two financial organizations in the US and India is conducted, measuring employees’ actual security behaviors. We identified factors (perceived susceptibility, perceived barriers, and self-efficacy) that have the largest effect on employee’s security behaviors. We offer several theoretical contributions and implications for practice.Type: book section -
PublicationOpen Source Software Adoption: Lessons from Linux in MunichIt took 10 years for the city of Munich to migrate 15,000 PCs from Windows to the Linux operating system. Was it worth it? This article focuses on how to effectively cope with open source software (OSS) adoption in an organizational context. Based on the Linux in Munich case, the authors present challenges and risks for IT decision makers and propose recommendations for evaluating and calculating the risks of OSS adoption.
Scopus© Citations 12 -
PublicationA new perspective on neutralization and deterrence: Predicting shadow IT usageThis study examines the role of neutralization and deterrence in discouraging employees from using Shadow IT: tools, services and systems used in an organization but not authorized by the IT department. Our study provides a unique contribution to the IT security literature by studying effects of neutralization on both intentions (self-reported) and actual behavior, as well as examining the role of shame as a mediator. We surveyed employees from four organizations and found that the “metaphor of the ledger” neutralization technique predicts Shadow IT intention and actual Shadow IT usage. We also find that neutralization and deterrence effects influence shame.Type: journal articleJournal: Information & managementVolume: 54Issue: 8
Scopus© Citations 70