Insiders’ Protection of Organizational Information Assets:  Development of a Systematics-Based Taxonomy and Theory of Diversity for Protection-Motivated Behaviors

Posey, Clay; Roberts, Tom; Lowry, Paul Benjamin; Bennett, Rebecca J.; Courtney, James F.

doi:10.25300/misq/2013/37.4.09

Cited by 159 publications

(176 citation statements)

References 109 publications

Supporting

Mentioning

172

Contrasting

Unclassified

Order By: Relevance

“…Crossler, Johnston, Lowry, Hu, Warkentin, and Baskerville [6], and Posey, Roberts, Lowry, Bennett, and Courtney [36] have raised such methodological concerns citing that studies solely placing emphasis on improving security awareness among insiders cannot address the issues relating to insiders who engage in an act driven by malicious intentions. This is "because knowledge created from a focus on a single behavior or subset of behaviors does not necessarily generalize to the grand structure M a n u s c r i p t 4 of behaviors" [36, p.1190].…”

Section: Introductionmentioning

confidence: 99%

“…Overall, this paper searches for differences in behavioral intentions and in the cause-effect relationships between these intentions and their predictor variables among different types of dysfunctional information system behaviors. This paper accordingly addresses the above methodological issues in the current studies on insider dysfunctional behaviors in information systems [e.g., 4,6,[36][37][38], allowing an examination of behavioral intentions and changes in the predictors of these intentions across different types of dysfunctional behaviors.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research

Djajadikerta

Roni

Trireksani

2015

Information & Management

View full text Add to dashboard Cite

Please cite this article as: H.G. Djajadikerta, S. Mat Roni, T. Trireksani, Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research, Information and Management (2015), http://dx.doi.org/10.1016/j.im. 2015.07.008 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

show abstract

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research

Djajadikerta

Roni

Trireksani

2015

Information & Management

View full text Add to dashboard Cite

show abstract

“…Human factors play a crucial role in cybersecurity [60], and recent analyses show that employees are often the weakest link in an organization with regard to cybersecurity [61]. As a result, organizations are urged to consider investing in cybersecurity training as a top priority [62], and to encourage protection-motivated behaviors [63,64]. These recommendations mean nothing if organizations fail to understand the impacts of delays and fall into the trap of shorttermism.…”

Section: Complex Systems and Delays In Building Cybersecurity Capabilmentioning

confidence: 99%

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

2017

View full text Add to dashboard Cite

Abstract:We developed a simulation game to study how well decision makers understand two fundamental aspects of complexity in cybersecurity: potential delays in building capabilities, and uncertainties in predicting cyber-incidents. Analyzing 1,479 simulation runs, we compared the performances of a group of experienced professionals to an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects. Both groups also exhibited similar errors when dealing with the uncertainty of cyber-incidents. Our findings highlight the importance of training for decision-makers, and lay the groundwork for future research in uncovering mental biases about the complexities of cybersecurity.

show abstract

“…This is within the notion and premise that without policies and regulations, an organisation can experience incidents of information leakages and breaches (Deng et al 2011). Thus, roles, responsibilities and accountabilities of information usage by employees should be well guided (Posey et al 2013). …”

Section: Protection and Breaches Of Personal Informationmentioning

confidence: 99%

Towards a conceptual framework for protection of personal information from the perspective of activity theory

Iyamu

Ngqame

2017

S. Afr. j. inf. manag.

View full text Add to dashboard Cite

Background: Personal information about individuals is stored by organisations including government agencies. The information is intended to be kept confidential and strictly used for its primary and legitimate purposes. However, that has not always been the case in many South African government agencies and departments. In recent years, personal information about individuals and groups has been illegally leaked for other motives, in which some were detrimental. Even though there exists a legislation, Protection of Personal Information (POPI) Act, which prohibits such malpractices, illegally leaked information has however, not stopped or reduced. In addition to the adoption of the POPI Act, a more stringent approach is therefore needed in order to improve sanity in the use and management of personal information. Otherwise, the detriment that such malpractices cause too many citizens can only be on the increase.Objectives: The objectives of this study were in twofold: (1) to examine and understand the activities that happen with personal information leaks, which includes why and how information is leaked; and (2) to develop a conceptual framework, which includes identification of the factors that influence information leaks and breaches in an environment.Method: Qualitative research methods were followed in achieving the objectives of the study. Within the qualitative methods, documents including existing literature were gathered. The activity theory was employed as lens to guide the analysis.Result: From the analysis, four critical factors were found to be of influence in information leaks and breaches in organisations. The factors include: (1) information and its value, (2) the roles of society and its compliance to information protection, (3) government and its laws relating to information protection and (4) the need for standardisation of information usage and management within a community. Based on the factors, a conceptual framework was developed.Conclusion: This study can be used to guide implementation of information protection acts in any environment. It empirically contributes to societal awareness on how and why personal information is leaked and breached. Also, it will benefit academic domain, particularly in the use of activity theory.

show abstract

Insiders’ Protection of Organizational Information Assets: Development of a Systematics-Based Taxonomy and Theory of Diversity for Protection-Motivated Behaviors

Cited by 159 publications

References 109 publications

Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research

Dysfunctional information system behaviors are not all created the same: Challenges to the generalizability of security-based research

Decision Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment

Towards a conceptual framework for protection of personal information from the perspective of activity theory

Contact Info

Product

Resources

About