Analyzing Information Security Among Nonmalicious Employees

  • Conference paper
Intelligent Systems and Networks (ICISN 2023)

Abstract

Insider threats pose a significant risk to organizational data security, and many organizations implement information security policies (ISPs) to reduce insider threats. This study used the unified theory of acceptance and use of technology 2 (UTAUT2) to examine factors that predict compliance among nonmalicious employees. A partial least squares structural equation modeling approach was used to examine survey data collected from N = 158 nonmalicious employees. The analysis indicated that social influence and facilitating conditions were the only UTAUT2 factors significantly predicting nonmalicious employees’ compliance. The study’s findings suggest that organizations should focus on building workplace cultures emphasizing ISP compliance’s social importance.

Corresponding author

Correspondence to S. Raschid Muller.

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Morris, E.D., Muller, S.R. (2023). Analyzing Information Security Among Nonmalicious Employees. In: Nguyen, T.D.L., Verdú, E., Le, A.N., Ganzha, M. (eds) Intelligent Systems and Networks. ICISN 2023. Lecture Notes in Networks and Systems, vol 752. Springer, Singapore. https://doi.org/10.1007/978-981-99-4725-6_74

  • DOI: https://doi.org/10.1007/978-981-99-4725-6_74

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-4724-9

  • Online ISBN: 978-981-99-4725-6

  • eBook Packages: Computer Science, Computer Science (R0)
