A model of emotion and computer abuse

Abstract: Internal computer abuse has received considerable research attention as a significant source of IS security incidents in organizations. We examine the effects of both organizational and individual factors on individuals' computer abuse intent. A theoretical model is developed based on two theories: abuse opportunity structure and emotion process. We empirically tested the model with 205 working professionals. We found that the abuse opportunity structure in organizations affects an individual's goal conduciveness, which in turn affects their abuse-positive affect. We also found that morality affects the abuse-positive affect, which in turn mediates the relationship between morality and abuse intent.
