SOCIAL-COGNITIVE MECHANISMS AND COUNTERPRODUCTIVE COMPUTER SECURITY BEHAVIORS (CCSB): AN ANALYSIS OF LINKS

Very little research has been carried out to determine the links between social-cognitive mechanisms and employees’ counterproductive computer security behaviors (CCSB). Accordingly, we aim to contribute to the literature in this area. A research model that drew from the social cognitive theory (SCT) was proposed and tested with data collected from professionals employed in Canadian organizations. Data analysis using the partial least squares (PLS) technique confirmed that outcome expectations (personal) and selfregulation were significant factors that impacted employees’ decisions to engage or not in CCSB. The other considered SCT factors (i.e., observational learning, self-efficacy, and outcome expectations (organizational) in our study yielded insignificant results. The study’s implications for practice and research are discussed.

[1]  Norbert K. Semmer,et al.  Illegitimate Tasks and Counterproductive Work Behavior , 2010 .

[2]  Catherine E. Connelly,et al.  Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model , 2011, J. Manag. Inf. Syst..

[3]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[4]  Lori N. K. Leonard,et al.  Illegal, Inappropriate, And Unethical Behavior In An Information Technology Context: A Study To Explain Influences , 2001, J. Assoc. Inf. Syst..

[5]  H. Winklhofer,et al.  Index Construction with Formative Indicators: An Alternative to Scale Development , 2001 .

[6]  A. O'Leary-Kelly,et al.  Monkey See, Monkey Do: The Influence of Work Groups on the Antisocial Behavior of Employees , 1998 .

[7]  Michel Tenenhaus,et al.  PLS path modeling , 2005, Comput. Stat. Data Anal..

[8]  Qing Hu,et al.  Does deterrence work in reducing information security policy abuse by employees? , 2011, Commun. ACM.

[9]  Detmar W. Straub,et al.  Specifying Formative Constructs in Information Systems Research , 2007, MIS Q..

[10]  B. Zimmerman,et al.  Social Origins of Self-Regulatory Competence , 1997 .

[11]  Jeffrey M. Stanton,et al.  Analysis of end user security behaviors , 2005, Comput. Secur..

[12]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[13]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[14]  A Bandura,et al.  Cognitive processes mediating behavioral change. , 1977, Journal of personality and social psychology.

[15]  Wynne W. Chin Issues and Opinion on Structural Equation Modeling by , 2009 .

[16]  Paul E. Spector,et al.  An emotion-centered model of voluntary work behavior , 2002 .

[17]  Jared Freeman,et al.  Training organizational supervisors to detect and prevent cyber insider threats: two approaches , 2013, EAI Endorsed Trans. Security Safety.

[18]  Deborah Compeau,et al.  Social Cognitive Theory and Individual Reactions to Computing Technology: A Longitudinal Study , 1999, MIS Q..

[19]  Henry L. Tosi A Theory of Goal Setting and Task Performance , 1991 .

[20]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[21]  M. Workman,et al.  Punishment and ethics deterrents: A study of insider security contravention , 2007 .

[22]  A. Bandura,et al.  Social Cognitive Theory of Organizational Management , 1989 .

[23]  A. Bandura Social Foundations of Thought and Action: A Social Cognitive Theory , 1985 .

[24]  Tung-Ching Lin,et al.  Understanding knowledge management system usage antecedents: An integration of social cognitive theory and task technology fit , 2008, Inf. Manag..

[25]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[26]  Kirk Chang,et al.  Counterproductive behaviour at work: an investigation into reduction strategies , 2010 .

[27]  Anat Hovav,et al.  Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea , 2012, Inf. Manag..

[28]  Scott B. MacKenzie,et al.  Common method biases in behavioral research: a critical review of the literature and recommended remedies. , 2003, The Journal of applied psychology.

[29]  Mikko T. Siponen,et al.  Using the theory of interpersonal behavior to explain non-work-related personal use of the Internet at work , 2013, Inf. Manag..

[30]  Vishal Midha,et al.  The Impact of Training and Social Norms on Information Security Compliance: A Pilot Study , 2012, ICIS.

[31]  Princely Ifinedo,et al.  Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition , 2014, Inf. Manag..

[32]  Steven D. Brown,et al.  Toward a Unifying Social Cognitive Theory of Career and Academic Interest, Choice, and Performance , 1994 .

[33]  M. Mount,et al.  RELATIONSHIP OF PERSONALITY TRAITS AND COUNTERPRODUCTIVE WORK BEHAVIORS: THE MEDIATING EFFECTS OF JOB SATISFACTION , 2006 .

[34]  Jeffrey M. Stanton,et al.  Behavioral Information Security: Two End User Survey Studies of Motivation and Security Practices , 2004, AMCIS.

[35]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..