The curious incidence of security breaches by knowledgeable employees and the pivotal role a of security culture

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8533 LNCS, Issue , 2014, Pages 361-372

  Renaud, Karen ^a   Goucher, Wendy ^a  

^a UNIVERSITY OF GLASGOW   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

ARTIFICIAL INTELLIGENCE; COMPUTER SCIENCE; COMPUTERS;

COMPUTER USERS; EDUCATION AND TRAINING; NUMBER OF FACTORS; SECURITY BREACHES; WEAKEST LINKS;

SECURITY OF DATA;

EID: 84903744055     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-319-07620-1_32     Document Type: Conference Paper

References (57)

1. Chia, P., Maynard, S., Ruighaver, A.: Understanding organizational security culture. In: Proceedings of PACIS 2002, Japan (2002)
2. Albrechtsen, E.: A qualitative study of users' view on information security. Computers & Security 26(4), 276-289 (2007)
3. Pahnila, S., Siponen, M., Mahmood, A.: Employees' behavior towards is security policy compliance. In: 40th Annual Hawaii International Conference on System Sciences, HICSS 2007, p. 156b. IEEE (2007)
4. Siponen, M., Pahnila, S., Mahmood, A.: Employees adherence to information security policies: an empirical study. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds.) New Approaches for Security, Privacy and Trust in Complex Environments. IFIP, vol. 232, pp. 133-144. Springer, Boston (2007)
5. Ross, B., Jackson, C., Miyake, N., Boneh, D., Mitchell, J.C.: Stronger password authentication using browser extensions. In: Proceedings of the 14th Usenix Security Symposium, vol. 1998 (2005)
6. Gaunt, N.: Practical approaches to creating a security culture. International Journal of Medical Informatics 60(2), 151-157 (2000)
7. Gundu, T., Flowerday, S.V.: The enemy within: A behavioural intention model and an information security awareness process. In: Information Security for South Africa (ISSA), pp. 1-8. IEEE (2012)
8. Skinner, B.F.: Beyond freedom and dignity. Bantam Vintage (1972)
9. Locke, J.: Some thoughts concerning education. In: Eliot, C.W. (ed.) The Harvard Classics, ch. XXXVII. P.F. Collier & Son, New York (1909-1914)
10. Gloucestershire Citizen, Poundland staff in Gloucester given 10p discount for Christmas bonus (December 22, 2013), http://www.gloucestercitizen.co.uk/ Poundland-staff-Gloucester-given-10p-discount/story-20353454-detail/story.html
11. Hawkes, S.: IKEA rewards thousands of staff with pension bonus. The Telegraph (December 19, 2013)
12. Taylor, F.W.: The principles of scientific management, New York, vol. 202 (1911)
13. Maslow, A.H.: A theory of human motivation. Psychological Review 50(4), 370 (1943)
14. Roe, A.: Section of psychology: Personality and vocation. Transactions of the New York Academy of Sciences 9(7 Series II), 257-267 (1947)
15. Rock, D.: SCARF: a brain-based model for collaborating with and influencing others. NeuroLeadership Journal 1(1), 44-52 (2008)
16. Lopes, H.: Why do people work? Individual wants versus common goods. Journal of Economic Issues 45(1), 57-74 (2011)
17. Deci, E.L.: Intrinsic motivation, extrinsic reinforcement, and inequity. Journal of Personality and Social Psychology 22(1), 113 (1972)
18. Pink, D.H.: The surprising truth about what motivates us. Soundview Executive Book Summaries (2010)
19. Ryff, C.D., Keyes, C.L.M.: The structure of psychological well-being revisited. Journal of Personality and Social Psychology 69(4), 719 (1995)
20. Adams, J.S.: Inequity in social exchange. Advances in Experimental Social Psychology 2, 267-299 (1965)
21. Ajzen, I.: From intentions to actions: A theory of planned behavior. Springer (1985)
22. Norman, D.A.: Cognitive engineering. In: User Centered System Design, pp. 31-61 (1986)
23. Webb, T.L., Sheeran, P.: Integrating concepts from goal theories to understand the achievement of personal goals. European Journal of Social Psychology 35(1), 69-96 (2005)
24. Cooke, R., Sheeran, P.: Moderation of cognition-intention and cognition-behaviour relations: A meta-analysis of properties of variables from the theory of planned behaviour. British Journal of Social Psychology 43(2), 159-186 (2004)
25. Dinev, T., Hu, Q.: The centrality of awareness in the formation of user behavioral intention toward preventive technologies in the context of voluntary use. In: The Fourth Annual Workshop on HCI Research in MIS, International Conference of Information Systems, ICIS (2005)
26. Bentler, P.M., Speckart, G.: Models of attitude-behavior relations. Psychological Review 86(5), 452 (1979)
27. Herath, T., Rao, H.R.: Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems 18(2), 106- 125 (2009)
28. Hedstrom, K., Karlsson, F., Kolkowska, E.: Social action theory for understanding information security non-compliance in hospitals: The importance of user rationale. Information Management & Computer Security 21(4), 266-287 (2013)
29. Maddux, J.E., Rogers, R.W.: Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change. Journal of Experimental Social Psychology 19(5), 469- 479 (1983)
30. Vroom, V.H., Yetton, P.W.: Leadership and decision-making. University of Pittsburgh Press (1973)
31. Liu, C., Marchewka, J.T., Lu, J., Yu, C.-S.: Beyond concern: a privacy-trust-behavioral intention model of electronic commerce. Information & Management 42(1), 127-142 (2004)
32. Damond, M.E., Breuer, N.L., Pharr, A.E.: The evaluation of setting and a culturally specific HIV/AIDS curriculum: HIV/AIDS knowledge and behavioral intent of african american adolescents. Journal of Black Psychology 19(2), 169-189 (1993)
33. Goo, J., Yim, M.-S., Kim, D.J.: A path way to successful management of individual intention to security compliance: A role of organizational security climate. In: 2013 46th Hawaii International Conference on System Sciences (HICSS), pp. 2959-2968. IEEE (2013)
34. Renaud, K., Goucher, W.: Health service employees and information security policies: an uneasy partnership? Information Management & Computer Security 20(4), 296-311 (2012)
35. Shelton, D.: Commitment and compliance: The role of non-binding norms in the international legal system. Oxford University Press (2003)
36. Steel, R.P., Ovalle, N.K.: A review and meta-analysis of research on the relationship between behavioral intentions and employee turnover. Journal of Applied Psychology 69(4), 673 (1984)
37. Christophel, D.M.: The relationships among teacher immediacy behaviors, student motivation, and learning. Communication Education 39(4), 323-340 (1990)
38. Whitby, M., McLaws, M.-L., Ross, M.W.: Why healthcare workers don't wash their hands: a behavioral explanation. Infection Control and Hospital Epidemiology 27(5), 484-492 (2006)
39. Bakker, A.B., Demerouti, E., Verbeke, W.: Using the job demands-resources model to predict burnout and performance. Human Resource Management 43(1), 83-104 (2004)
40. Furnell, S., Rajendran, A.: Understanding the influences on information security behaviour. Computer Fraud & Security 2012(3), 12-15 (2012)
41. Ashenden, D., Sasse, A.: CISOs and organisational culture: Their own worst enemy? Computers & Security 39, 396-405 (2013)
42. Van Niekerk, J., Von Solms, R.: Information security culture: A management perspective. Computers & Security 29(4), 476-486 (2010)
43. Leach, J.: Improving user security behaviour. Computers & Security 22(8), 685-692 (2003)
44. Pornpitakpan, C.: The persuasiveness of source credibility: A critical review of five decades' evidence. Journal of Applied Social Psychology 34(2), 243-281 (2004)
45. Furnell, S., Thomson, K.-L.: From culture to disobedience: Recognising the varying user acceptance of it security. Computer Fraud & Security 2009(2), 5-10 (2009)
46. Schelly, C., Cross, J.E., Franzen, W.S., Hall, P., Reeve, S.: Reducing energy consumption and creating a conservation culture in organizations: A case study of one public school district. Environment and Behavior 43(3), 316-343 (2011)
47. Webb, T.L., Sheeran, P.: Does changing behavioral intentions engender behavior change? a meta-analysis of the experimental evidence. Psychological Bulletin 132(2), 249 (2006)
48. Walton, R.E.: From control to commitment in the workplace. In: The Sociology of Organizations: Classic, Contemporary, and Critical Readings, pp. 114-122. Sage Publications, California (2003)
49. Singh, A.N., Picot, A., Kranz, J., Gupta, M., Ojha, A.: Information security management (ism) practices: Lessons from select cases from India and Germany. Global Journal of Flexible Systems Management 14(4), 225-239 (2013)
50. Foubert, J.D.: The longitudinal effects of a rape-prevention program on fraternity mens attitudes, behavioral intent, and behavior. Journal of American College Health 48, 158- 163 (2000)
51. Ouellette, J.A., Wood, W.: Habit and intention in everyday life: the multiple processes by which past behavior predicts future behavior. Psychological Bulletin 124(1), 54 (1998)
52. Gollwitzer, P.M., Bayer, U.C., McCulloch, K.C.: The control of the unwanted. In: The New Unconscious, pp. 485-515 (2005)
53. Thomson, K.-L., von Solms, R., Louw, L.: Cultivating an organizational information security culture. Computer Fraud & Security 2006(10), 7-11 (2006)
54. Rivis, A., Sheeran, P.: Descriptive norms as an additional predictor in the theory of planned behaviour: A meta-analysis. Current Psychology 22(3), 218-233 (2003)
55. Sheppard, B.H., Hartwick, J., Warshaw, P.R.: The theory of reasoned action: A meta-analysis of past research with recommendations for modifications and future research. Journal of Consumer Research, 325-343 (1988)
56. Feldman, D.C.: The development and enforcement of group norms. Academy of Management Review 9(1), 47-53 (1984)
57. Knapp, K.J., Marshall, T.E., Rainer, R.K., Ford, F.N.: Information security: management's effect on culture and policy. Information Management & Computer Security 14(1), 24-36 (2006)