Advanced search
Publication Cover
Journal of Computer Information Systems Volume 64, 2024 - Issue 1
Submit an article Journal homepage
264
Views
1
CrossRef citations to date
0
Altmetric
Original Articles

Bad Employees: Examining Deviant Security Behaviors

Kane J. SmithUniversity of North Texas, Denton, TX, USACorrespondence[email protected]
Pages 17-30 | Published online: 16 Feb 2023

References

  • Tittle CR. Control balance: toward a general theory of deviance. Boulder, CO: Westview Press; 1995.
  • Tittle CR. Refining control balance theory. Theor Criminol. 2004;8(4):395–428. doi:10.1177/1362480604046657.
  • Cheng L, Li Y, Li W, Holm E, Zhai Q. Understanding the violation of is security policy in organizations: an integrated model based on social control and deterrence theory. Comput Secur. 2013;39:447–59. doi:10.1016/j.cose.2013.09.009.
  • Safa NS, Maple C, Watson T, Von Solms R. Motivation and opportunity based model to reduce information security insider threats in organizations. J Inf Secur Appl. 2018;40:247–57. doi:10.1016/j.jisa.2017.11.001.
  • Barlow JB, Warkentin M, Ormond D, Dennis A. Don’t even think about it! The effects of antineutralization, informational, and normative communication on information security compliance. J Assoc Inf Sys. 2018;19(8):689–715. doi:10.17705/1jais.00506.
  • Dhillon G, Abdul Talib YY, Picoto WN. The mediating role of psychological empowerment in information security compliance intentions. J Assoc Inf Sys. 2020;21(1):5. doi:10.17705/1jais.00595.
  • Ifinedo P. Information systems security policy compliance: an empirical study of the effects of socialization, influence, and cognition. Inf Manage. 2014;51(1):69–79. doi:10.1016/j.im.2013.10.001.
  • Puhakainen P, Siponen M. Improving employees’ compliance through information systems security training: an action research study. MIS Q. 2010;34(4):757–78. doi:10.2307/25750704.
  • Chen H, Chau PY, Li W. The effects of moral disengagement and organizational ethical climate on insiders’ information security policy violation behavior. Inf Technol People. 2019;32(4):973–92. doi:10.1108/ITP-12-2017-0421.
  • Chu AM, Chau PY. Development and validation of instruments of information security deviant behavior. Decis Support Syst. 2014;66:93–101. doi:10.1016/j.dss.2014.06.008.
  • Johnston AC, Warkentin M. Fear appeals and information security behaviors: an empirical study. MIS Q. 2010;34(3):549–66. doi:10.2307/25750691.
  • Siponen M, Vance A. Neutralization: new insights into the problem of employee information systems security policy violations. MIS Q. 2010;34(3):487–502. doi:10.2307/25750688.
  • Chen Y, Wang X, Benitez J, Luo X, Li D. Does techno-invasion lead to employees’ deviant behaviors? J Manage Inf Sys. 2022;39(2):454–82. doi:10.1080/07421222.2022.2063557.
  • Chu AM, Chau PY, So MK. Developing a typological theory using a quantitative approach: a case of information security deviant behavior. Commun Assoc Inf Sys. 2015;37(25):510–35. doi:10.17705/1CAIS.03725.
  • Crossler RE, Johnston AC, Lowry PB, Hu Q, Warkentin M, Baskerville R. Future directions for behavioral information security research. Comput Secur. 2013;32:90–101. doi:10.1016/j.cose.2012.09.010.
  • Moody GD, Siponen M, Pahnila S. Toward a unified model of information security policy compliance. MIS Q. 2018;42(1):285–311. doi:10.25300/MISQ/2018/13853.
  • Karjalainen M, Sarker S, Siponen M. Toward a theory of information systems security behaviors of organizational employees: a dialectical process perspective. Inf Sys Res. 2019;30(2):687–704. doi:10.1287/isre.2018.0827.
  • Li H, Luo XR, Chen Y. Understanding information security policy violation from a situational action perspective. J Assoc Inf Sys. 2021;22(3):5. doi:10.17705/1jais.00678.
  • Willison R, Warkentin M, Johnston AC. Examining employee computer abuse intentions: insights from justice, deterrence and neutralization perspectives. Inf Sys J. 2018;28(2):266–93. doi:10.1111/isj.12129.
  • Xu F, Luo XR, Hsu C. Anger or fear? Effects of discrete emotions on employee’s computer-related deviant behavior. Inf Manage. 2020;57(3):1–13. doi:10.1016/j.im.2019.103180.
  • Curry TR. Integrating motivating and constraining forces in deviance causation: a test of causal chain hypotheses in control balance theory. Deviant Behav. 2005;26(6):571–99. doi:10.1080/01639620500218286.
  • Trinkle BS, Warkentin M, Malimage K, Raddatz N. High-risk deviant decisions: does neutralization still play a role? J Assoc Inf Sys. 2021;22(3):797–826. doi:10.17705/1jais.00680.
  • Ifinedo P. Effects of security knowledge, self-control, and countermeasures on cybersecurity behaviors. J Comput Inf Syst. 2022;1–17. doi:10.1080/08874417.2022.2065553.
  • Boss SR, Galletta DF, Lowry PB, Moody GD, Polak P. What do system users have to fear? Using fear appeals to engender threats and fear that motivate protective security behaviors. MIS Q. 2015;39(4):837–64. doi:10.25300/MISQ/2015/39.4.5.
  • Wall JD, Buche MW. To fear or not to fear? A critical review and analysis of fear appeals in the information security context. Commun Assoc Inf Sys. 2017;41(1):13. doi:10.17705/1CAIS.04113.
  • Piquero AR, Hickman M. An empirical test of Tittle’s control balance theory. Criminology. 1999;37(2):319–42. doi:10.1111/j.1745-9125.1999.tb00488.x.
  • Piquero AR, Hickman M. Extending Tittle’s control balance theory to account for victimization. Crim Justice Behav. 2003;30(3):282–301. doi:10.1177/0093854803030003002.
  • Schuetz SW, Benjamin Lowry P, Pienta DA, Bennett Thatcher J. The effectiveness of abstract versus concrete fear appeals in information security. J Manage Inf Sys. 2020;37(3):723–57. doi:10.1080/07421222.2020.1790187.
  • D’arcy J, Herath T. A review and analysis of deterrence theory in the is security literature: making sense of the disparate findings. Eur J Inf Syst. 2011;20(6):643–58. doi:10.1057/ejis.2011.23.
  • Siponen M, Soliman W, Vance A. Common misunderstandings of deterrence theory in information systems research and future research directions. ACM SIGMIS Database. 2022;53(1):25–60. doi:10.1145/3514097.3514101.
  • Hair JF, Black WC, Babin BJ, Anderson RE. Multivariate Data Analysis. Englewood Cliffs, NJ: Prentice Hall; 2010.
  • Chin WW, Marcolin BL, Newsted PR. A partial least squares latent variable modeling approach for measuring interaction effects: results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study. Inf Sys Res. 2003;14(2):189–217. doi:10.1287/isre.14.2.189.16018.
  • Guhr N, Lebek B, Breitner MH. The impact of leadership on employees’ intended information security behaviour: an examination of the full-range leadership theory. Inf Sys J. 2019;29(2):340–62. doi:10.1111/isj.12202.
  • Lowry PB, Zhang J, Wang C, Siponen M. Why do adults engage in cyberbullying on social media? an integration of online disinhibition and deindividuation effects with the social structure and social learning model. Inf Sys Res. 2016;27(4):962–86. doi:10.1287/isre.2016.0671.
  • Wang Y, Haggerty N. Individual virtual competence and its influence on work outcomes. J Manage Inf Sys. 2011;27(4):299–334. doi:10.2753/MIS0742-1222270410.
  • Lowry PB, Moody GD, Chatterjee S. Using IT design to prevent cyberbullying. J Manage Inf Sys. 2017;34(3):863–901. doi:10.1080/07421222.2017.1373012.
  • Bamberg S, Schmidt P. Incentives, morality, or habit? Predicting students’ car use for university routes with the models of Ajzen, Schwartz, and Triandis. Environ Behav. 2003;35(2):264–85. doi:10.1177/0013916502250134.
  • Hsu MH, Kuo FY. The effect of organization-based self-esteem and deindividuation in protecting personal information privacy. J Bus Ethics. 2003;42(4):305–20. doi:10.1023/A:1022500626298.
  • Johnston AC, Warkentin M, McBride M, Carter L. Dispositional and situational factors: influences on information security policy violations. Eur J Inf Syst. 2016;25(3):231–51. doi:10.1057/ejis.2015.15.
  • Netemeyer RG, Bearden WO, Sharma S. Scaling procedures: issues and applications. Thousand Oaks, CA: Sage Publications; 2003.
  • Henseler J, Ringle CM, Sarstedt M. A new criterion for assessing discriminant validity in variance-based structural equation modeling. J Acad Mark Sci. 2015;43(1):115–35. doi:10.1007/s11747-014-0403-8.
  • Hu LT, Bentler PM. Fit indices in covariance structure modeling: sensitivity to underparameterized model misspecification. Psychol Methods. 1998;3(4):424. doi:10.1037/1082-989X.3.4.424.
  • Lohmöller JB. Predictive vs. structural modeling: pls vs. ml. In Latent variable path modeling with partial least squares. Heidelberg: Physica; 1989.
  • Jonason PK, O’Connor PJ. Cutting corners at work: an individual differences perspective. Pers Individ Dif. 2017;107:146–53. doi:10.1016/j.paid.2016.11.045.
  • Van Bavel R, Rodríguez-Priego N, Vila J, Briggs P. Using protection motivation theory in the design of nudges to improve online security behavior. Int J Hum Comput Stud. 2019;123:29–39. doi:10.1016/j.ijhcs.2018.11.003.
  • Ruiter RA, Kessels LT, Peters GJY, Kok G. Sixty years of fear appeal research: current state of the evidence. Int J Psychol. 2014;49(2):63–70. doi:10.1002/ijop.12042.
  • Tannenbaum MB, Hepler J, Zimmerman RS, Saul L, Jacobs S, Wilson K, Albarracín D. Appealing to fear: a meta-analysis of fear appeal effectiveness and theories. Psychol Bull. 2015;141(6):1178. doi:10.1037/a0039729.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.