Non-Compliant Mobile Device Usage and Information Systems Security: A Bystander Theory Perspective

Author(s):  
Narasimha Paravastu ◽  
Claire A. Simmers ◽  
Murugan Anandarajan

This study tested the context of employees using their devices for both work and personal use, and non-compliant device usage of a person potentially resulting in Information Systems (IS) security threat to personal as well as work data and/or the devices. Integrating bystander and protection motivation theory (PMT) perspectives, this paper studies bystanders' responses to IS security threats and the extent to which a perceived security threat motivates individual intention to act, in the context of non-compliant mobile device usage behaviors. It tests the role of an individual's threat perceptions to protect their own IS security, and as a bystander, protecting their peers or the IS security of their organization. Data collected from 431 individuals support the hypotheses that security awareness predicts perceived severity and protection motivation. Evaluation apprehension and diffusion of responsibility inhibit bystanders' intentions to act against non-compliant mobile device usage behaviors, while awareness facilitates it. Theoretical contributions and practical implications of the research are discussed.


Author(s):  
Narasimha Paravastu ◽  
Murugan Anandarajan

Information security is important for organizations as well as individuals from the perspective of protection from data breaches, identity theft, malware and infections, hacking etc. This article presents the framework of Protection Motivation Theory and its constructs, and then reviews the past IS Literature on information systems security, from a protection motivation perspective. Specifically this article tries to explain how individuals perceive a fear appeal in an information systems security threat, and how the protection motivation framework of fear, threat perceptions of severity and vulnerability, impact the coping intentions of individuals to protect themselves from information systems security threats. This article further discusses the theoretical and managerial implications of protection motivation theory as it applies to information systems security.


Author(s):  
Steffi Haag ◽  
Mikko Siponen ◽  
Fufan Liu

Protection motivation theory (PMT) is one of the most commonly used theories to examine information security behaviors. Our systematic review of the application of PMT in information systems (IS) security and the comparison with its application for decades in psychology identified five categories of important issues that have not yet been examined in IS security research. Discussing these issues in terms of why they are relevant and important for IS security, and to what extent IS research has not considered them, offers new research opportunities associated with the study of PMT and IS security threats. We suggest how future studies can approach each of the open issues to provide a new road map for quantitative and qualitative IS scholars.


Author(s):  
Frederick Ip ◽  
Yolande E. Chan

This study assists organizations and researchers in examining investments in IS security. A questionnaire was developed and administered to managers in Canadian financial firms and educational organizations. The survey examined security threats and the countermeasures adopted by organizations to prevent and respond to security breaches. Data gathered were used to investigate the relationships between investment in security, perceived security, and organizational performance.


10.28945/3639 ◽  
2017 ◽  
Vol 12 ◽  
pp. 001-015 ◽  
Author(s):  
Kennedy Njenga

Aim/Purpose: Violations of Information Systems (IS) security policies continue to generate great anxiety amongst many organizations that use information systems, partly because these violations are carried out by internal employees. This article addresses IS security policy violations in organizational settings, and conceptualizes and problematizes IS security violations by employees of organizations from a paradox perspective. Background: The paradox is that internal employees are increasingly being perceived as more of a threat to the security of organizational systems than outsiders. The notion of paradox is exemplified in four organizational contexts of belonging paradox, learning paradox, organizing paradox and performing paradox. Methodology: A qualitative conceptual framework exemplifying how IS security violations occur as paradoxes in context to these four areas is presented at the end of this article. Contribution: The article contributes to IS security management practice and suggests how IS security managers should be positioned to understand violations in light of this paradox perspective. Findings: The employee generally in the process of carrying out ordinary activities using computing technology exemplifies unique tensions (or paradoxes in belonging, learning, organizing and performing) and these tensions would generally tend to lead to policy violations when an imbalance occurs. Recommendations for Practitioners: IS security managers must be sensitive to employees' tensions. Future Research: A quantitative study, where statistical analysis could be applied to generalize findings, could be useful.


2015 ◽  
Vol 9 (1) ◽  
pp. 62-77 ◽  
Author(s):  
Michael Lapke ◽  
Gurpreet Dhillon

Continued high profile security breaches indicate that Information Systems Security remains a significant problem within organizations. The authors argue that one of the major contributors to this ongoing problem is a disconnect between security policy formulation and implementation. This disconnect can lead to a failure of policy. This paper is aimed at understanding the disconnect by analyzing the meanings that are attributed to policy formulation and implementation by the stakeholders involved in the process. A case study was carried out and a “snapshot in time” of the lifecycle of IS Security Policy formulation at the organization under study demonstrated that a disconnect is evident between these two sides of security policy.


Author(s):  
Ken H. Guo

Knowledge is one of the critical factors that organizations need to consider when managing the security of resource management systems or information systems in general. This is because knowledge is not only the subject but also a tool of IS security management. On the one hand, IS security is about the security of knowledge (including data and information). On the other hand, IS security management is a knowledge-intensive activity that depends heavily on IS professionals’ expertise and skills and end user awareness. Given the important role of knowledge, this chapter aims to review current security research by applying knowledge management concepts and frameworks as a tool and lens. Based on the systemic review, this chapter identifies gaps in the current information systems security literature and provides some guidelines for future research and security practices.


Author(s):  
Mikko T. Siponen

Recently, several Information Systems Security (ISS) development approaches that support modeling have been presented. This chapter analyzes and compares the recent approaches for the development of secure ISs. The comparison and analysis will be carried out from the viewpoints of a conceptual meta-model for IS; research methods used; the organizational roles of IS security; the objectives of the research; selected philosophical foundations (underlying epistemology, philosophy of science) and applicability. This contribution of the chapter can be divided into descriptive (assumptions that researchers should be aware of) and prescriptive implications (the direction of future research).

