Modeling IT ethics: a study in situational ethics
MIS Quarterly
Technical opinion: Information system security management in the new millennium
Communications of the ACM
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
Consumer trust in an Internet store
Information Technology and Management
Building Effective Online Marketplaces with Institution-Based Trust
Information Systems Research
Why there aren't more information security research studies
Information and Management
Security in the wild: user strategies for managing security as an everyday, practical problem
Personal and Ubiquitous Computing
Predicting the Usage of P2P Sharing Software: The Role of Trust and Perceived Risk
HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 07
Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model
Information Systems Research
Bridging the gap between organizational and user perspectives of security in the clinical domain
International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
A methodology for construct development in MIS research
European Journal of Information Systems - Special section: PACIS 2004
Password security: an empirical study
Journal of Management Information Systems
Punishment and ethics deterrents: A study of insider security contravention
Journal of the American Society for Information Science and Technology
Employees' Behavior towards IS Security Policy Compliance
HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
International Journal of Electronic Commerce
Computers in Human Behavior
Journal of Management Information Systems
User satisfaction with an internet-based portal: An asymmetric and nonlinear approach
Journal of the American Society for Information Science and Technology
Information Systems Research
Validating instruments in MIS research
MIS Quarterly
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
Hi-index | 0.00 |
End users are said to be "the weakest link" in information systems (IS) security management in the workplace. They often knowingly engage in certain insecure uses of IS and violate security policies without malicious intentions. Few studies, however, have examined end user motivation to engage in such behavior. To fill this research gap, in the present study we propose and test empirically a nonmalicious security violation (NMSV) model with data from a survey of end users at work. The results suggest that utilitarian outcomes (relative advantage for job performance, perceived security risk), normative outcomes (workgroup norms), and self-identity outcomes (perceived identity match) are key determinants of end user intentions to engage in NMSVs. In contrast, the influences of attitudes toward security policy and perceived sanctions are not significant. This study makes several significant contributions to research on security-related behavior by (1) highlighting the importance of job performance goals and security risk perceptions on shaping user attitudes, (2) demonstrating the effect of workgroup norms on both user attitudes and behavioral intentions, (3) introducing and testing the effect of perceived identity match on user attitudes and behavioral intentions, and (4) identifying nonlinear relationships between constructs. This study also informs security management practices on the importance of linking security and business objectives, obtaining user buy-in of security measures, and cultivating a culture of secure behavior at local workgroup levels in organizations.