Understanding Internet Abuses at Work Using Extended Rational Choice Theory Research-in-Progress

Employees’ violation of Internet use policy exposes firms to increasing security risks from cyber-attacks. Extant studies on security policy compliance have largely ignored the role of dispositional and contextual factors in employees’ decision. Drawing on the literature in criminology, this paper extended the rational choice theory by integrating low self-control and two organizational context factors to have a fine-grained understanding of the decision making process involved in Internet use policy compliance. The results will help indicate whether employees’ compliance intention is influenced by the cost-benefit calculus adjusted by their low self-control disposition, procedural justice perception and organizational moral climate. Research results are expected to be presented at the conference.

[1]  J. Michael Pearson,et al.  The effects of sanctions and stigmas on cyberloafing , 2013, Comput. Hum. Behav..

[2]  Jai-Yeol Son,et al.  Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies , 2011, Inf. Manag..

[3]  Qing Hu,et al.  Does deterrence work in reducing information security policy abuse by employees? , 2011, Commun. ACM.

[4]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[5]  Mikko T. Siponen,et al.  Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations , 2010, MIS Q..

[6]  Rathindra Sarathy,et al.  Understanding compliance with internet use policy from the perspective of rational choice theory , 2010, Decis. Support Syst..

[7]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[8]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[9]  Tero Vartiainen,et al.  What levels of moral reasoning and values explain adherence to information security rules? An empirical study , 2009, Eur. J. Inf. Syst..

[10]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[11]  L. G. Pee,et al.  Explaining non-work-related computing in the workplace: A comparison of alternative models , 2008, Inf. Manag..

[12]  Jeffrey R Frost,et al.  Armed, and Dangerous (?): Motivating Rule Adherence Among Agents of Social Control. , 2007 .

[13]  A. Mahmood,et al.  Factors Influencing Protection Motivation and IS Security Policy Compliance , 2006, 2006 Innovations in Information Technology.

[14]  Phani Tej Adidam,et al.  The Impact of Perceived Fairness on Satisfaction: Are Airport Security Measures Fair? Does it Matter? , 2006 .

[15]  George E. Higgins,et al.  Digital Piracy: Assessing the Contributions of an Integrated Self‐Control Theory and Social Learning Theory Using Structural Equation Modeling , 2006 .

[16]  Michael Wenzel,et al.  Motivation or rationalisation? Causal relations between ethics, norms and tax compliance , 2005 .

[17]  Wynne W. Chin,et al.  Factors motivating software piracy: a longitudinal study , 2004, IEEE Transactions on Engineering Management.

[18]  M. Wenzel The Social Side of Sanctions: Personal and Social Norms as Moderators of Deterrence , 2004, Law and human behavior.

[19]  Avshalom Caspi,et al.  Does the Perceived Risk of Punishment Deter Criminally Prone Individuals? Rational Choice, Self-Control, and Crime , 2004 .

[20]  Dennis F. Galletta,et al.  Software Piracy in the Workplace: A Model and Empirical Test , 2003, J. Manag. Inf. Syst..

[21]  Wynne W. Chin,et al.  A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic - Mail Emotion/Adoption Study , 2003, Inf. Syst. Res..

[22]  V. Lim The IT way of loafing on the job: cyberloafing, neutralizing and organizational justice , 2002 .

[23]  J. Colquitt On the dimensionality of organizational justice: a construct validation of a measure. , 2001, The Journal of applied psychology.

[24]  James Backhouse,et al.  Current directions in IS security research: towards socio‐organizational perspectives , 2001, Inf. Syst. J..

[25]  T. Pratt,et al.  THE EMPIRICAL STATUS OF GOTTFREDSON AND HIRSCHI'S GENERAL THEORY OF CRIME: A META‐ANALYSIS , 2000 .

[26]  Alex R. Piquero,et al.  Specifying the direct and indirect effects of low self-control and situational factors in offenders' decision making: Toward a more complete model of rational offending , 1996 .

[27]  Harold G. Grasmick,et al.  Testing the Core Empirical Implications of Gottfredson and Hirschi's General Theory of Crime , 1993 .

[28]  Detmar W. Straub,et al.  Discovering and Disciplining Computer Abuse in Organizations: A Field Study , 1990, MIS Q..

[29]  Mikko T. Siponen,et al.  IS Security Policy Violations: A Rational Choice Perspective , 2012, J. Organ. End User Comput..

[30]  Mikko T. Siponen,et al.  Employees' Behavior towar ds IS Secur ity Policy Compliance , 2007 .

[31]  Irene M. Y. Woon,et al.  Forthcoming: Journal of Information Privacy and Security , 2022 .

[32]  Wynne W. Chin,et al.  A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and Voice Mail Emotion/Adoption Study , 1996, ICIS.

[33]  R. Paternoster,et al.  Sanction threats and appeals to morality : Testing a rational choice model of corporate crime , 1996 .

[34]  D. Nagin,et al.  Enduring individual differences and rational choice theories of crime , 1993 .

[35]  R. Bachman,et al.  The Rationality of Sexual Offending: Testing a Deterrence/Rational Choice Conception of Sexual Assault , 1992 .