Punishment and ethics deterrents: A study of insider security contravention

Workman, Michael; Gathegi, John N.

doi:10.1002/asi.20474

Cited by 61 publications

(55 citation statements)

References 75 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Workman & Gathegi, 2007). However, whether or not people simply comply with policies is incomplete in explaining organizational results.…”

Section: Procedural Justice Interactions With Tcm Componentsmentioning

confidence: 95%

“…Security policies are organizational instruments that establish the rules and punitive sanctions regarding security behaviors. Increasingly, employment is conditioned upon employee agreements that elicit promises to comply with security policies including allowing the organization to collect personal data and monitoring their activities (Straub & Welke, 1998;Workman & Gathegi, 2007).…”

Section: Threat Perceptions Severity and Likelihood And Monitoringmentioning

confidence: 99%

See 1 more Smart Citation

A field study of corporate employee monitoring: Attitudes, absenteeism, and the moderating influences of procedural justice perceptions

Workman

2009

Information and Organization

Self Cite

View full text Add to dashboard Cite

“…Workman & Gathegi, 2007). However, whether or not people simply comply with policies is incomplete in explaining organizational results.…”

Section: Procedural Justice Interactions With Tcm Componentsmentioning

confidence: 95%

Section: Threat Perceptions Severity and Likelihood And Monitoringmentioning

confidence: 99%

A field study of corporate employee monitoring: Attitudes, absenteeism, and the moderating influences of procedural justice perceptions

Workman

2009

Information and Organization

Self Cite

View full text Add to dashboard Cite

“…Employee attitudes-especially strong negative affect-are precursors of intentional counterproductive (and even subversive) behaviors ranging from absenteeism to various forms of retaliation (Workman, 2009b;Workman and Gathegi, 2007). Wells (2001) points out that employee dissatisfaction with the work organization is a powerful predictor of workplace fraud.…”

Section: Relevant Researchmentioning

confidence: 99%

Identifying at-risk employees: A behavioral model for predicting potential insider threats

Greitzer¹,

Kangas²,

Noonan³

et al. 2010

View full text Add to dashboard Cite

SummaryA model was developed to assess employees' behavioral manifestations of a number of psychological and personality predispositions that are hypothesized to indicate an increased risk of insider abuse. This psychosocial model is based on case studies and research literature on factors and correlates associated with behavioral precursors of individuals committing insider crimes. In many of these crimes, managers and other coworkers observed that the offenders had exhibited signs of stress, disgruntlement, or other issues, but no alarms were raised. Barriers to using such psychosocial indicators include the inability to recognize the signs and the failure to record the behaviors so that they can be assessed.The model has been implemented as a Bayesian belief network, designed with the help of human resources staff experienced in evaluating workplace behaviors. We conducted an experiment to assess the agreement of the model's risk assessment output with judgments of human resources and management professionals on the relative insider threat risks of a collection of sample scenarios. The model exhibited strong agreement with judgments of the human experts, suggesting that it has potential as a tool to raise an alarm about employees who pose higher insider threat risks. While additional testing is needed, we suggest that combining this type of analysis with more traditional cyber/workstation monitoring tools can ease the processing burden and improve performance of computer-assisted insider threat monitoring and detection.v

show abstract

“…Fundamentally, traditional security research has a "behavioral root" (Workman & Gathegi, 2007) and is a subject of psychological and sociological actions of people. Most prior research in traditional organizational IS security-which is relevant to HRIS -has dealt with the success and failure of security policies by using a deterrence approach (Bulgurcu, Cavusoglu, & Benbasat, 2010;Chen, Ramamurthy, & Wen, 2012;Cheng, Li, Li, Holm, & Zhai, 2013;Herath & Rao, 2009;Straub & Nance, 1990).…”

Section: Security and Habit Researchmentioning

confidence: 99%

Toward a More Secure HRIS: The Role of HCI and Unconscious Behavior

Zafar¹,

Randolph²,

Martin³

2017

THCI

View full text Add to dashboard Cite

Abstract:By design, human resource information systems (HRIS) hold confidential and sensitive information. Therefore, one needs to ensure the security of these systems from unintentional mistakes that may compromise such information. Current systems design and training procedures of HRIS unintentionally help reinforce unsecure behaviors that result in non-malicious security breaches. Measures to improve security through design and training may only occur by breaking the use/impact cycle that individuals have habitually formed. Using strong contexts and cues allow trainers to interrupt individuals' habits. Then, they have the opportunity to enforce the repetition of the desired behavior. This paper introduces a model of habit formation from consumer behavior that one may apply to HRIS.

show abstract

Punishment and ethics deterrents: A study of insider security contravention

Cited by 61 publications

References 75 publications

A field study of corporate employee monitoring: Attitudes, absenteeism, and the moderating influences of procedural justice perceptions

A field study of corporate employee monitoring: Attitudes, absenteeism, and the moderating influences of procedural justice perceptions

Identifying at-risk employees: A behavioral model for predicting potential insider threats

Toward a More Secure HRIS: The Role of HCI and Unconscious Behavior

Contact Info

Product

Resources

About