HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 07
Privacy and Rationality in Individual Decision Making
IEEE Security and Privacy
Sociotechnical Architecture for Online Privacy
IEEE Security and Privacy
Punishment and ethics deterrents: A study of insider security contravention
Journal of the American Society for Information Science and Technology
Employees' Behavior towards IS Security Policy Compliance
HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Gaining Access with Social Engineering: An Empirical Study of the Threat
Information Systems Security
Information security tools and practices: what works?
IEEE Transactions on Computers
An integrative study of information systems security effectiveness
International Journal of Information Management: The Journal for Information Professionals
Building a better password: the role of cognitive load in information security training
ISI'09 Proceedings of the 2009 IEEE international conference on Intelligence and security informatics
Information security culture: a behaviour compliance conceptual framework
AISC '10 Proceedings of the Eighth Australasian Conference on Information Security - Volume 105
ACM Transactions on Management Information Systems (TMIS)
Influencing mental models of security: a research agenda
Proceedings of the 2011 workshop on New security paradigms workshop
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
Journal of Management Information Systems
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory
Information and Management
Stories as informal lessons about security
Proceedings of the Eighth Symposium on Usable Privacy and Security
Information systems user security: A structured model of the knowing-doing gap
Computers in Human Behavior
A game design framework for avoiding phishing attacks
Computers in Human Behavior
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
Hi-index | 0.00 |
Organizations and individuals are increasingly impacted by misuses of information that result from security lapses. Most of the cumulative research on information security has investigated the technical side of this critical issue, but securing organizational systems has its grounding in personal behavior. The fact remains that even with implementing mandatory controls, the application of computing defenses has not kept pace with abusers' attempts to undermine them. Studies of information security contravention behaviors have focused on some aspects of security lapses and have provided some behavioral recommendations such as punishment of offenders or ethics training. While this research has provided some insight on information security contravention, they leave incomplete our understanding of the omission of information security measures among people who know how to protect their systems but fail to do so. Yet carelessness with information and failure to take available precautions contributes to significant civil losses and even to crimes. Explanatory theory to guide research that might help to answer important questions about how to treat this omission problem lacks empirical testing. This empirical study uses protection motivation theory to articulate and test a threat control model to validate assumptions and better understand the ''knowing-doing'' gap, so that more effective interventions can be developed.