Neural correlates of decision making related to information security: Self-control and moral potency

Abstract: Security breaches of digital information represent a significant threat to the wellbeing of individuals, corporations, and governments in the digital era. Roughly 50% of breaches of information security result from the actions of individuals inside organizations (i.e., insider threat), and some evidence indicates that common deterrence programs may not lessen the insiders’ intention to violate information security. This had led researchers to investigate contextual and individual difference variables that infl… Show more

“… Hu et al (2015) demonstrated that some of these modulations of the ERPs were sensitive to both the presence and severity of the ethical violation, although the effect of severity was not replicated in a later study ( West et al, 2019 ). The effect of an ethical violation on the longer latency modulations of the ERPs is sensitive to individual differences in self-control and moral beliefs ( Hu et al, 2015 ; West et al, 2019 ).…”

“…Control items represent decisions that do not involve an ethical element (e.g., assisting a colleague with a project), while violation items represent decisions that involve an ethical violation related to information security (e.g., unauthorized access of a secure server). Individuals are more likely to endorse (respond Yes) to control items than violation items demonstrating a general preference for avoiding unethical behavior, with this preference being moderated by the severity of the violation ( Hu et al, 2015 ; West et al, 2019 ).…”

“…Studies using ERPs with the ISP reveal that decision-making in the task is associated with modulations of the physiology that differentiate ethical violation items from control items between 200 and 2,000 ms after onset of the decision prompt ( Hu et al, 2015 ; West et al, 2019 ; West and Cowger, 2021 ). The earliest effect of an ethical violation on the ERPs reflects a reduction in the amplitude of the posterior N2 component that may result from an inward focus of attention for violation items that limits visual processing of the prompt ( West and Cowger, 2021 ).…”

“…The earliest effect of an ethical violation on the ERPs reflects a reduction in the amplitude of the posterior N2 component that may result from an inward focus of attention for violation items that limits visual processing of the prompt ( West and Cowger, 2021 ). Between 400 and 2,000 ms the ERPs differentiate ethical items from control items over the lateral frontal, medial central, and lateral central regions of the scalp ( Hu et al, 2015 ; West et al, 2019 ). These findings indicate that ethical decision making in the ISP is associated with the recruitment of a temporally and spatially distributed neural network, consistent with broader literature on the neural foundation of moral decision-making ( Greene et al, 2001 ; Young et al, 2007 ; Greene and Young, 2020 ).…”

“…The effect of an ethical violation on the longer latency modulations of the ERPs is sensitive to individual differences in self-control and moral beliefs ( Hu et al, 2015 ; West et al, 2019 ). Consistent with the dual processes account of moral decision-making ( Greene et al, 2001 , 2008 ), slow wave activity in the ISP is greater in those with high self-control ( Hu et al, 2015 ; West et al, 2019 ) and reduced in those with high moral belief ( West et al, 2019 ). These findings converge with behavioral evidence demonstrating that both traits are reliable predictors of decision-making related to information security ( Myyry et al, 2009 ; Siponen et al, 2012 ; Li et al, 2018 ).…”

Using event-related brain potentials to explore the temporal dynamics of decision-making related to information security

“… Hu et al (2015) demonstrated that some of these modulations of the ERPs were sensitive to both the presence and severity of the ethical violation, although the effect of severity was not replicated in a later study ( West et al, 2019 ). The effect of an ethical violation on the longer latency modulations of the ERPs is sensitive to individual differences in self-control and moral beliefs ( Hu et al, 2015 ; West et al, 2019 ).…”

“…Control items represent decisions that do not involve an ethical element (e.g., assisting a colleague with a project), while violation items represent decisions that involve an ethical violation related to information security (e.g., unauthorized access of a secure server). Individuals are more likely to endorse (respond Yes) to control items than violation items demonstrating a general preference for avoiding unethical behavior, with this preference being moderated by the severity of the violation ( Hu et al, 2015 ; West et al, 2019 ).…”

“…Studies using ERPs with the ISP reveal that decision-making in the task is associated with modulations of the physiology that differentiate ethical violation items from control items between 200 and 2,000 ms after onset of the decision prompt ( Hu et al, 2015 ; West et al, 2019 ; West and Cowger, 2021 ). The earliest effect of an ethical violation on the ERPs reflects a reduction in the amplitude of the posterior N2 component that may result from an inward focus of attention for violation items that limits visual processing of the prompt ( West and Cowger, 2021 ).…”

“…The earliest effect of an ethical violation on the ERPs reflects a reduction in the amplitude of the posterior N2 component that may result from an inward focus of attention for violation items that limits visual processing of the prompt ( West and Cowger, 2021 ). Between 400 and 2,000 ms the ERPs differentiate ethical items from control items over the lateral frontal, medial central, and lateral central regions of the scalp ( Hu et al, 2015 ; West et al, 2019 ). These findings indicate that ethical decision making in the ISP is associated with the recruitment of a temporally and spatially distributed neural network, consistent with broader literature on the neural foundation of moral decision-making ( Greene et al, 2001 ; Young et al, 2007 ; Greene and Young, 2020 ).…”

“…The effect of an ethical violation on the longer latency modulations of the ERPs is sensitive to individual differences in self-control and moral beliefs ( Hu et al, 2015 ; West et al, 2019 ). Consistent with the dual processes account of moral decision-making ( Greene et al, 2001 , 2008 ), slow wave activity in the ISP is greater in those with high self-control ( Hu et al, 2015 ; West et al, 2019 ) and reduced in those with high moral belief ( West et al, 2019 ). These findings converge with behavioral evidence demonstrating that both traits are reliable predictors of decision-making related to information security ( Myyry et al, 2009 ; Siponen et al, 2012 ; Li et al, 2018 ).…”

Using event-related brain potentials to explore the temporal dynamics of decision-making related to information security

An Inward Focus of Attention During Information Security Decision Making: Electrophysiological Evidence

Mediators of the Relationship Between Self-control and Pathological Technology Use: Negative Affect and Cognitive Failures, but not Self-efficacy