Abstract
This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.
Highlights
Organizations have been increasingly using information technology (IT) to enhance business operations and decision-making processes, and information security is one of the most pressing issues facing organizations worldwide, influencing organizational sustainable information systems and business continuity [1].
Punishment severity reduced the occurrence of the four types of unethical information security behavior, but information security awareness programs only reduced the occurrence of omissive security behavior and poor access control.
We adopt agency theory to examine the influences of information security awareness programs and punishment severity on the four types of behavior in terms of influencing information security management and, in turn, whether they exert negative effects on employees’ willingness to report information security incidents.
Summary
Organizations have been increasingly using information technology (IT) to enhance business operations and decision-making processes, and information security is one of the most pressing issues facing organizations worldwide, influencing organizational sustainable information systems and business continuity [1]. Many managers and employees do not pay sufficient attention to information security issues in their organizations [2]. The computer systems of most organizations are far less secure than they should be, and damages due to information security breaches are on the rise [3]. Employees are the weakest link in information security and the root cause of information security breaches, either because they engage in unethical activities in the workplace that threaten organizational information security or because they provide opportunities for computer hackers to attack or hack into their organization’s computers [4,5]. The objectives of this research were to (a) develop a short battery of self-report instruments for an assessment of unethical information security behavior and (b) establish a theoretical model linking factors affecting such behavior and its effects to employees’ security efforts to maintain sustainable organizational information systems.