Using event-related brain potentials to explore the temporal dynamics of decision-making related to information security.

Abstract

Insider threat from individuals operating within an organization presents a significant source of violations of information security. Our previous research has used scalp recorded event-related brain potentials (ERPs) and the Information Security Paradigm (ISP) to identify the neural correlates of decision-making processes related to violations of information security. In the current study, we sought to expand this research by examining the effects of two variables that were drawn from the broader decision-making literature (i.e., the benefactor and delay of a reward) on ERPs measured in the ISP. In the ISP we varied whether Josh—a hypothetical IT specialist—or a significant other was the benefactor of a violation, and whether the benefit of a violation was received after a short or long delay. The choice data revealed that individuals were less likely to endorse an unethical action than a control action. The electrophysiological data revealed ERPs that differentiated ethical scenarios from control scenarios between 200 and 2,000 ms after onset of the decision prompt, distributed over the occipital, central, and lateral frontal regions of the scalp. These ERPs were insensitive to the benefactor and delay of the reward. In contrast, there was slow wave activity over the frontal-polar region that was sensitive to both variables. The current findings provide evidence for separable neural systems that are either generally related to ethical decision-making in the ISP or are sensitive to the benefactor or delay of a reward resulting from an unethical decision.