Wayne D. Kearney scite author profile

Purpose The purpose of this paper is to discuss and theorise on the appropriateness and potential impact of risk homeostasis in the context of information security. Design/methodology/approach The discussion is mainly based on a literature survey backed up by illustrative empirical examples. Findings Risk homeostasis in the context of information security is an under-explored topic. The principles, assumptions and methodology of a risk homeostasis framework offer new insights and knowledge to explain and predict contradictory human behaviour in information security. Practical implications The paper shows that explanations for contradictory human behaviour (e.g. the privacy paradox) would gain from considering risk homeostasis as an information security risk management model. The ideas discussed open up the prospect to theorise on risk homeostasis as a framework in information security and should form a basis for further research and practical implementations. On a more practical level, it offers decision makers useful information and new insights that could be advantageous in a strategic security planning process. Originality/value This is the first systematic comprehensive review of risk homeostasis in the context of information security behaviour and readers of the paper will find new theories, guidelines and insights on risk homeostasis.

show abstract

I shall, we shall, and all others will: paradoxical information security behaviour

Snyman

Kruger

Kearney³

2018

ICS

View full text Add to dashboard Cite

Purpose The purpose of this paper is to investigate the lemming effect as a possible cause for the privacy paradox in information security. Design/methodology/approach Behavioural threshold analysis is used to test for the presence of the lemming effect in information security behaviour. Paradoxical behaviour may be caused by the influential nature of the lemming effect. The lemming effect is presented as a possible cause of the privacy paradox. Findings The behavioural threshold analysis indicates that the lemming effect is indeed present in information security behaviour and may lead to paradoxical information security behaviour. Practical implications The analysis of the lemming effect can be used to assist companies in understanding the way employees influence each other in their behaviour in terms of security. By identifying possible problem areas, this approach can also assist in directing their information security education endeavours towards the most relevant topics. Originality/value This research describes the first investigation of the lemming effect in information security by means of behavioural threshold analysis in practice.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Wayne D. Kearney

A prototype for assessing information security awareness

Considering the influence of human trust in practical social engineering exercises

Can perceptual differences account for enigmatic information security behaviour in an organisation?

Theorising on risk homeostasis in the context of information security behaviour

I shall, we shall, and all others will: paradoxical information security behaviour

Contact Info

Product

Resources

About