Ethical attitudes of entry-level MIS personnel
Information and Management
Multivariate data analysis (4th ed.): with readings
Multivariate data analysis (4th ed.): with readings
Modeling IT ethics: a study in situational ethics
MIS Quarterly
Does electronic monitoring of employee internet usage work?
Communications of the ACM - Internet abuse in the workplace and Game engines in scientific research
Monitoring for pornography and sexual harassment
Communications of the ACM - Internet abuse in the workplace and Game engines in scientific research
Computer Security Management
Fighting Computer Crime
Morality and Computers: Attitudes and Differences in Judgments
Information Systems Research
Enemy at the gate: threats to information security
Communications of the ACM - Program compaction
An Intention Model-based Study of Software Piracy
HICSS '99 Proceedings of the Thirty-second Annual Hawaii International Conference on System Sciences-Volume 5 - Volume 5
The impact of deterrent countermeasures upon individual intent to commit misuse: a behavioral approach
Policy and its impact on medical record security
Policy and its impact on medical record security
An integrative model of computer abuse based on social control and general deterrence theories
Information and Management
Punishment and ethics deterrents: A study of insider security contravention
Journal of the American Society for Information Science and Technology
Preventive and deterrent controls for software piracy
Journal of Management Information Systems
Principles of Information Security
Principles of Information Security
Clarifying the effects of internet monitoring on job attitudes: the mediating role of employee trust
Information and Management
Relational Antecedents of Information Flow Integration for Supply Chain Coordination
Journal of Management Information Systems
Why Do Internet Users Stick with a Specific Web Site? A Relationship Perspective
International Journal of Electronic Commerce
Software Piracy in the Workplace: A Model and Empirical Test
Journal of Management Information Systems
In defense of the realm: understanding the threats to information security
International Journal of Information Management: The Journal for Information Professionals
An integrative study of information systems security effectiveness
International Journal of Information Management: The Journal for Information Professionals
Does deterrence work in reducing information security policy abuse by employees?
Communications of the ACM
Punishment, Justice, and Compliance in Mandatory IT Settings
Information Systems Research
Information and Management
Safe Contexts for Interorganizational Collaborations Among Homeland Security Professionals
Journal of Management Information Systems
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
Journal of Management Information Systems
Institutional Influences on Information Systems Security Innovations
Information Systems Research
The effects of multilevel sanctions on information security violations: A mediating model
Information and Management
Information and Management
Explaining investors' reaction to internet security breach using deterrence theory
International Journal of Electronic Finance
The effects of sanctions and stigmas on cyberloafing
Computers in Human Behavior
Journal of Organizational and End User Computing
IS Security Policy Violations: A Rational Choice Perspective
Journal of Organizational and End User Computing
Understanding insiders: An analysis of risk-taking behavior
Information Systems Frontiers
Information and Management
Determining the antecedents of digital security practices in the general public dimension
Information Technology and Management
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
Journal of Organizational and End User Computing
Employees' adherence to information security policies: An exploratory field study
Information and Management
Information security strategies: towards an organizational multi-strategy perspective
Journal of Intelligent Manufacturing
Hi-index | 0.02 |
Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50%--75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one's level of morality. Implications for the research and practice of IS security are discussed.