User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach
成果类型:
Review
署名作者:
D'Arcy, John; Hovav, Anat; Galletta, Dennis
署名单位:
University of Notre Dame; Korea University; Pennsylvania Commonwealth System of Higher Education (PCSHE); University of Pittsburgh
刊物名称:
INFORMATION SYSTEMS RESEARCH
ISSN/ISSBN:
1047-7047
DOI:
10.1287/isre.1070.0160
发表日期:
2009
页码:
79-98
关键词:
common method variance
computer abuse
shoplifting prevention
perceived certainty
general deterrence
insider threat
ETHICS
MODEL
attitudes
severity
摘要:
Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50%-75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one's level of morality. Implications for the research and practice of IS security are discussed.
来源URL: