Deterrence and Prevention-based Model to Mitigate Information Security Insider Threats in Organisations

by   Nader Sohrabi Safa, et al.

Previous studies show that information security breaches and privacy violations are important issues for organisations and people. It is acknowledged that decreasing the risk in this domain requires consideration of the technological aspects of information security alongside human aspects. Employees intentionally or unintentionally account for a significant portion of the threats to information assets in organisations. This research presents a novel conceptual framework to mitigate the risk of insiders using deterrence and prevention approaches. Deterrence factors discourage employees from engaging in information security misbehaviour in organisations, and situational crime prevention factors encourage them to prevent information security misconduct. Our findings show that perceived sanctions certainty and severity significantly influence individuals' attitudes and deter them from information security misconduct. In addition, the output revealed that increasing the effort, risk and reducing the reward (benefits of crime) influence the employees' attitudes towards prevent information security misbehaviour. However, removing excuses and reducing provocations do not significantly influence individuals' attitudes towards prevent information security misconduct. Finally, the output of the data analysis also showed that subjective norms, perceived behavioural control and attitude influence individuals' intentions, and, ultimately, their behaviour towards avoiding information security misbehaviour.



page 1

page 2

page 3

page 4


On the Impact of Perceived Vulnerability in the Adoption of Information Systems Security Innovations

A number of determinants predict the adoption of Information Systems (IS...

Information Security Risks Assessment: A Case Study

Owing to recorded incidents of Information technology inclined organisat...

Panel: Humans and Technology for Inclusive Privacy and Security

Computer security and user privacy are critical issues and concerns in t...

SoK: A Framework for Unifying At-Risk User Research

At-risk users are people who experience elevated digital security, priva...

Factors that Determine Continuous Intention to Use Mobile Payments in Malawi

The proliferation of mobile phones has made mobile payments to be widely...

Exploring Knowledge Leakage Risk in Knowledge-Intensive Organisations: Behavioural aspects and Key controls

Knowledge leakage poses a critical risk to the competitive advantage of ...

Computer Security Risks of Distant Relative Matching in Consumer Genetic Databases

Consumer genetic testing has become immensely popular in recent years an...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.