BEHAVIORAL INFORMATION SECURITY: An Overview, Results, and Research Agenda

Human-Computer Interaction and Management Information Systems: Foundations

Volumn , Issue , 2015, Pages 262-280

  Stanton, Jeffrey M ^a   Stam, Kathryn R ^b,c   Mastrangelo, Paul M ^e   Jolton, Jeffrey A ^d  

^a VIRGINIA COMMONWEALTH UNIVERSITY   (United States)

^b SUNY POLYTECHNIC INSTITUTE   (United States)

^c Syracuse Information Security Evaluation project   (United States)

^d Genesee Survey Services   (United States)

^e NONE

Author keywords

Information Security; Organizational Psychology; Surveys

Indexed keywords

EID: 85139599019     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.4324/9781315703619-22     Document Type: Chapter

References (52)

1. Allen, N.J., and Meyer, J.P. The measurement and antecedents of affective, continuance, and normative commitment to the organization. Journal of Occupational Psychology, 63 (1990), 1-18.
2. Anderson, R.H.; Feldman, P.M.; Gerwehr, S.; Houghton, B.; Mesic, R.; Pinder, J.D.; Rothenberg, J.; and Chiesa, J. Securing the U.S. defense information infrastructure: A proposed approach. Washington, DC: Rand, 1999.
3. Anderson, R. A Security Policy Model for Clinical Information Systems. Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 6-8, 1996, pp. 30-43.
4. Armstrong, L.; Phillips, J.G.; and Saling, L.L. Potential determinants of heavier internet usage. International Journal of Human-Computer Studies, 53, 4 (2000), 537-550.
5. Bandura, A., and Wood, R. Effect of perceived controllability and performance standards on self-regulation of complex decision making. Journal of Personality and Social Psychology, 56 (1989), 805-814.
6. Caelli, W.; Longley. D.; and Shain, M. Information Security Handbook, New York: Stockton Press, 1991.
7. Clarke, R. Introduction to Information Security. Unpublished manuscript. Canberra, Australia: Australian National University, 2001 (available at http://www.anu.edu.au/people/Roger.Clarke/EC/IntroSecy.html).
8. Cohen, J. A power primer. Psychological Bulletin, 112, 1 (1992), 155-159.
9. David, J. Policy enforcement in the workplace. Computers and Security, 21, 6 (2002), 506-513.
10. Dhillon, G. (ed.) Information Security Management: Global Challenges in the New Millennium. Hershey, PA: Idea Group Publishing, 2001.
11. Ernst and Young LLP. Global Information Security Survey. London: Presentation Services, 2002.
12. Ettredge, M., and Richardson, V.J. Assessing the risk in e-commerce. Working Paper: University of Kansas, 2001 (available at: http://dlib2.computer.org/conferen/hicss/1435/pdf/14350194.pdf).
13. Gonzalez, J.J., and Sawicka, A. A framework for human factors in information security. Presented at the 2002 WSEAS Int. Conf. on Information Security, Rio de Janeiro, 2002 (available at http://ikt.hia.no/josejg/).
14. Gordon, L.A., and Loeb, M.P. The economics of information security investment. ACM Transactions on Information and System Security, 5, 4 (2002), 438-457.
15. Hawkins, S.M.; Yen, D.C.; and Chou, D.C. Disaster recovery planning: a strategy for data security. Information Management and Computer Security, 8, 5 (2000), 222-229.
16. Horowitz, A. Top 10 security mistakes. Computerworld, 35, 28, (2001).
17. Hull, S. People are the weak links in IT security. The Argus, April 16, 2002.
18. Karnopp, D., and Rosenberg, R.C. System Dynamics: A Unified Approach. New York: Wiley, 1975.
19. Lichtenstein, S., and Swatman, P.M.C. Internet acceptable usage policy for organizations. Information Management and Computer Security, 5, 5 (1997), 182-190.
20. Lindup, K.R. A new model for information security policies. Computer and Security, 14, 8 (1995), 691-695.
21. Loch, K.D., and Conger, S. (1996). Evaluating ethical decision-making and computer use. Communications of the ACM, 39 (7), 74-83.
22. Miles, D.E.; Borman, W.E.; Spector, P.E.; and Fox, S. Building an integrative model of extra role work behaviors: a comparison of counterproductive work behavior with organizational citizenship behavior. International Journal of Selection and Assessment, 10 (2002), 51-57.
23. Monrose, F., and Rubin, A. Authentication via keystroke dynamics. In 4th ACM Conference on Computer and Communications Security, Zurich, Switzerland. New York: ACM Press, 1997, pp. 48-56.
24. OECD. OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security. Organisation For Economic Co-Operation And Development, 2002 (available at: http://www.oecd.org/dataoecd/16/22/15582260.pdf).
25. Parasuraman, R., and Bowers, J.C. Attention and vigilance in human-computer interaction. In A. Gale and B. Christie (eds.), Psychophysiology of the Electronic Workplace. London: Wiley, 1987, pp. 163-194.
26. Perry, W.E. Management Strategies for Computer Security. Boston: Butterworth, 1985.
27. Proctor, R.W.; Lien, M.-C.; Vu, K.-P.L.; Schultz, E.E.; and Salvendy, G. Improving computer security for authentication of users: influence of proactive password restrictions. Behavior Research Methods, Instruments and Computers, 34, 2 (2002), 163-169.
28. Rivest, R.L.; Shamir, A.; Adleman, L.A. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21, 2 (1978), 120-126.
29. Salvendy, G. (ed.) Handbook of Human Factors. New York: Wiley-Interscience, 1987.
30. Scanlon, B. The weakest link. ZDNet Australia News and Technology, 2002 (available at: http://www.zdnet.com.au/newstech/security/story/0, 2000024985, 20241014-5, 00.htm).
31. Schneier, B. Applied Cryptography: Protocols, Algorithms, and Source Code in C, 2nd ed. New York: Wiley, 1995.
32. Schneier, B. Secrets and Lies. New York: Wiley, 2000.
33. Schultz, E.E. A framework for understanding and predicting insider attacks. Computers and Security, 21, 6 (2002), 526-531.
34. Security Wire Digest. CSI/FBI study says: security breaches on the rise. 2000 (available at http://www.lexias.com/1.0/securitywiredigest_27MAR2000.html).
35. Seleznyov, A.; Mazhelis, O.; and Puuronen, S. Learning temporal regularities of user behavior for anomaly detection. In V.I. Gorodetski, V.A. Skormin, and L.J. Popyack (eds.), Information Assurance in Computer Networks. Methods, Models and Architectures for Network Security. St. Petersburg, Russia: International Workshop MMM-ACNS, 2001, pp. 143-152.
36. Shaw, E.D.; Post, J.M.; and Ruby, K.G. Inside the mind of the insider. 2002 (available at: http://www.securitymanagement.com/library/000762.html).
37. Singh, H.; Furnell, S.; Lines, B.; and Dowland, P. Investigating and Evaluating Behavioural Profiling and Intrusion Detection Using Data Mining. In V.I. Gorodetski, V.A. Skormin, and L.J. Popyack (eds.), Information Assurance in Computer Networks. Methods, Models and Architectures for Network Security. St. Petersburg, Russia: International Workshop MMM-ACNS, 2001, pp. 153-158.
38. Siponen, M.T. On the role of human morality in information systems security. Information Resources Management Journal, 14, 4 (2001), 15-23.
39. Spurling, P. Promoting security awareness and commitment. Information Management and Computer Security, 3, 2 (1995), 20-26.
40. Stanton, J.M. Company profile of the frequent internet user: web addict or happy employee? Communications of the Association for Computing Machinery, 45, 1 (2002), 55-59.
41. Straub, D.W. Effective IS security: an empirical study. Information Systems Research, 1, 2 (1990), 255-277.
42. Straub, D.W., and Welke, R.J. Coping with systems risk: security planning models for management decision making. MIS Quarterly, 22, 4 (1998), 441-464.
43. Thomson, M.E., and von Solms, R. Information security awareness: educating our users effectively. Information Management and Computer Security, 6, 4 (1998), 167-173.
44. Trompeter, C.M., and Eloff, J.H.P. A framework for the implementation of socio-ethical controls in information security. Computers and Security, 20 (2001), 384-391.
45. Tudor, J.K. Information Security Architecture: An Integrated Approach to Security in the Organization. Boca Raton, FL: CRC Press, 2000.
46. Warman, A.R. Organizational computer security policy: the reality. European Journal of Information Systems, 1, 5 (1992), 305-310.
47. Wei, H.; Frinke, D.; Olivia, C.; and Ritter, C. Cost-Benefit Analysis for Network Intrusion Detection Systems. In Proceedings of the CSI 28th Annual Computer Security Conference, Washington, DC, October 2001.
48. Won, D. (ed.) Proceedings of the Third International Conference on Information Security and Cryptology (ICISC 2000). Berlin: Springer, 2001.
49. Wood, C.C. Writing infosec policies. Computer and Security, 14, 8 (1995), 667-674.
50. Wood, C.C. Constructing difficult-to-guess passwords. Information Management and Computer Security, 4, 1 (1996), 43-44.
51. Yan, J.; Blackwell, A.; Anderson, R.; and Grant, A. The Memorability and Security of Passwords-Some Empirical Results. Technical Report No. 500, Computer Laboratory, University of Cambridge, 2000 (available at http://www.ftp.cl.cam.ac.uk/ftp/users/rja14/tr500.pdf).
52. Yeung, D.-Y., and Ding, Y. (2002). User profiling for intrusion detection using dynamic and static behavioral models. In M.-S. Cheng, P.S. Yu, and B. Liu (eds.), Advances in Knowledge Discovery and Data Mining 6th Pacific-Asia Conference, PAKDD 2002, Taipei, Taiwan, May 6-8, 2002. Proceedings, 2002, pp. 494-505.