Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory

Cheng, Lijiao; Liu, Ying; Li, Wenli; Holm, Eric; Zhai, Qingguo

doi:10.1016/j.cose.2013.09.009

Cited by 188 publications

(157 citation statements)

References 57 publications

Supporting

Mentioning

132

Contrasting

Unclassified

Order By: Relevance

“…Conlleva a la realización de acciones específicas para contribuir a la preservación y mejora ecológica común, para el bien de la humanidad actual y futura (Cheng, Li, Li, Holm, & Zhai, 2013).…”

Section: La Rse Vs Tecnología De Información Y La Comunicaciónunclassified

Responsabilidad social empresarial e innovación: Una mirada desde las tecnologías de la información y comunicación en organizaciones

2015

View full text Add to dashboard Cite

Responsabilidad social empresarial e innovación: Una mirada desde las tecnologías de la información y comunicación en organizacionesResponsabilidad social empresarial e innovación: Una mirada desde las tecnologías de la información y comunicación en organizaciones Resumen: Partiendo de la revisión bibliográfica de las revistas de más alto impacto, se muestran los diferentes énfasis y tendencias teóricas de la discusión sobre el componente tecnológico en las organizaciones en los últimos seis años. Los aportes de los autores muestran la evolución de este concepto en su conjunto y su necesidad de incorporarlo para generar innovación tecnológica, mejoramiento en el desempeño organizacional y creación de valor.El contenido y estructura del trabajo es resultado de la dinámica encontrada en torno a tres diferentes propuestas teóricas: Tecnologías de la Información y la Comunicación (TIC), la capacidad tecnológica y Responsabilidad Social Empresarial (RSE). La utilidad de este artículo es diversa. En primer lugar, se identificaron interrelaciones a partir de un análisis de las similitudes, diferencias y contraposiciones de los conceptos planteados entre los artículos revisados. Y en segundo lugar, sirve como evidencia de la necesidad apremiante de las organizaciones para que tecnológicamente se apropien de prácticas socialmente responsables que se traduzcan en una verdadera ventaja competitiva.Palabras clave: Capacidad tecnológica, Desempeño organizacional, Impacto social, Responsabilidad Social Empresarial, Tecnologías de la Información y la Comunicación. JEL: M10, M14, M15.Abstract: Starting from the literature review of the highest impact journals, different emphasis and theoretical trends of the discussion on the technological component in organizations in the past six years they are shown. The contributions of the authors show the evolution of this concept as a whole and its need to incorporate it, to generate technological innovation, improvement in organizational performance and value creation.The content and structure of the paper is the result of the dynamics encountered around three different theoretical proposals: information and communications technology (ICT), technological capability and Social Responsibility (CSR). The usefulness of this article is diverse. Firstly, interactions were identified from an analysis of the similarities, differences and contrapositions, of the concepts raised among reviewed articles. And secondly, it serves as evidence of the urgent need for

show abstract

Section: La Rse Vs Tecnología De Información Y La Comunicaciónunclassified

Responsabilidad social empresarial e innovación: Una mirada desde las tecnologías de la información y comunicación en organizaciones

2015

View full text Add to dashboard Cite

show abstract

“…What is novel is how they apply brain imaging technologies-magnetic resonance imaging (fMRI) and electroencephalography (EEG) to explain selfcontrol as an inhibitor of desire for immediate gratification and how low self-control could short circuit moral judgement and rational choice. There were instances where scholarly work was coded for two or more theories used by scholars to explain information security policy violations (Aurigemma & Mattson, 2014;Bansal & Zahedi, 2015;Barlow et al, 2013;Browne et al, 2015;Cheng et al, 2013). An important consideration arising from the previous sections that have addressed various perspectives of scholarly work on IS security policy violation is the omission of the paradox perspective to problematize IS security violations.…”

Section: Interdisciplinary Perspectives In Is Security Policy Violationmentioning

confidence: 99%

“…Cheng, Li, Li, Holm, and Zhai (2013) for instance look at IS security policy violations occurring as a result of employees' weaker social bonds to their mangers, co-workers and organizations. They see this as likely leading to and influencing their willingness to engage in violations.…”

Section: Interdisciplinary Perspectives In Is Security Policy Violationmentioning

confidence: 99%

Understanding Internal Information Systems Security Policy Violations as Paradoxes

Njenga

2017

IJIKM

View full text Add to dashboard Cite

Aim/Purpose: Violations of Information Systems (IS) security policies continue to generate great anxiety amongst many organizations that use information systems, partly because these violations are carried out by internal employees. This article addresses IS security policy violations in organizational settings, and conceptualizes and problematizes IS security violations by employees of organizations from a paradox perspective. Background: The paradox is that internal employees are increasingly being perceived as more of a threat to the security of organizational systems than outsiders. The notion of paradox is exemplified in four organizational contexts of belonging paradox, learning paradox, organizing paradox and performing paradox. Methodology : A qualitative conceptual framework exemplifying how IS security violations occur as paradoxes in context to these four areas is presented at the end of this article. Contribution: The article contributes to IS security management practice and suggests how IS security managers should be positioned to understand violations in light of this paradox perspective. Findings: The employee generally in the process of carrying out ordinary activities using computing technology exemplifies unique tensions (or paradoxes in belonging, learning, organizing and performing) and these tensions would generally tend to lead to policy violations when an imbalance occurs. Recommendations for Practitioners: IS security managers must be sensitive to employees tensions. Future Research: A quantitative study, where statistical analysis could be applied to generalize findings, could be useful.

show abstract

“…Fundamentally, traditional security research has a "behavioral root" (Workman & Gathegi, 2007) and is a subject of psychological and sociological actions of people. Most prior research in traditional organizational IS security-which is relevant to HRIS -has dealt with the success and failure of security policies by using a deterrence approach (Bulgurcu, Cavusoglu, & Benbasat, 2010;Chen, Ramamurthy, & Wen, 2012;Cheng, Li, Li, Holm, & Zhai, 2013;Herath & Rao, 2009;Straub & Nance, 1990).…”

Section: Security and Habit Researchmentioning

confidence: 99%

Toward a More Secure HRIS: The Role of HCI and Unconscious Behavior

Zafar¹,

Randolph²,

Martin³

2017

THCI

View full text Add to dashboard Cite

Abstract:By design, human resource information systems (HRIS) hold confidential and sensitive information. Therefore, one needs to ensure the security of these systems from unintentional mistakes that may compromise such information. Current systems design and training procedures of HRIS unintentionally help reinforce unsecure behaviors that result in non-malicious security breaches. Measures to improve security through design and training may only occur by breaking the use/impact cycle that individuals have habitually formed. Using strong contexts and cues allow trainers to interrupt individuals' habits. Then, they have the opportunity to enforce the repetition of the desired behavior. This paper introduces a model of habit formation from consumer behavior that one may apply to HRIS.

show abstract

Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory

Cited by 188 publications

References 57 publications

Responsabilidad social empresarial e innovación: Una mirada desde las tecnologías de la información y comunicación en organizaciones

Responsabilidad social empresarial e innovación: Una mirada desde las tecnologías de la información y comunicación en organizaciones

Understanding Internal Information Systems Security Policy Violations as Paradoxes

Toward a More Secure HRIS: The Role of HCI and Unconscious Behavior

Contact Info

Product

Resources

About