Behavioral Information Security: Two End User Survey Studies of Motivation and Security Practices

Information security is a multibillion-dollar problem faced by commercial and government organizations around the world. Through their adverse effects on organizational information systems, malware, hackers, and malicious insiders jeopardize organizations’ capabilities to pursue their missions effectively. Although technology-based solutions help to mitigate some of the many problems of information security, even the best technology cannot work successfully unless the people in organizations do the right thing. In two national survey studies (N=1167 and N=298) we explored some of the motivational antecedents surrounding the practices of information security by end users. Results revealed that organization type, job role, job satisfaction, and organizational commitment each showed relations to some key security behaviors of end users.
