Issues and opinion on structural equation modeling
MIS Quarterly
Modeling IT ethics: a study in situational ethics
MIS Quarterly
Password security: an empirical study
Journal of Management Information Systems
The effect of computer self-efficacy on security training effectiveness
InfoSecCD '06 Proceedings of the 3rd annual conference on Information security curriculum development
An Introduction to Insider Threat Management
Information Systems Security
Computers in Human Behavior
Gaining Access with Social Engineering: An Empirical Study of the Threat
Information Systems Security
In a 'trusting' environment, everyone is responsible for information security
Information Security Tech. Report
Communications of the ACM - Finding the Fun in Computer Science Education
International Journal of Organizational and Collective Intelligence
Hi-index | 0.00 |
The corporate information systems users often engage in risky behavior that can threaten the security and integrity of an organization by exposing sensitive information or weakening the existing technological perimeter security. This risky user behavior can be intentional or unintentional, but in either case can cause severe damage to an organization's reputation as well as potentially extending harm to the organization's clients and customers. Information systems users not following the corporate security policies, even though they know the policies, is known as user omissive behavior, also known as the knowing-doing gap. This research examines the information assurance understanding and security awareness at the user level by developing a structured model of the user knowing-doing gap. The model examines the role of organizational narcissism and its affect on user attitudes towards following the organization's information security policies and procedures. It also includes perceived threat as a factor affecting user attitudes towards following information security rules, as well as subjective norms and perceived behavior control consistent with the theory of planned behavior. This structured model provides a framework and description of user information security behavior and the knowing-doing gap.