Information Technology Reference
In-Depth Information
We hope that researchers will see from our results that influencing information security-related
behavior constitutes a complex and interesting set of problems worthy of extended programs of
research. This research must incorporate a systemic model of the technology user in context, rather
than focusing solely on intrapersonal issues such as knowledge or attitudes or purely organiza-
tional issues such as organization size or type. Information systems user behavior occurs within
an organizational context, and full consideration of that context must include social, technologi-
cal, and organizational influences in addition to the basic characteristics and proclivities of the
individual users. We believe that ultimately such research can contribute practical solutions that
improve the information security of contemporary organizations. Research and development in
the area of technology-based security controls has a substantial lead on behavioral research, how-
ever. Behavioral researchers must catch up by demonstrating that the human side of the informa-
tion security “problem” has measurements, models, explanations, and viable interventions for
improving information security within organizations.
ACKNOWLEDGMENTS
This work was supported in part by a small grant from the SIOP Foundation and in part by award
ITR-0312078 from the National Science Foundation. Neither the SIOP Foundation nor the National
Science Foundation necessarily endorses the findings or conclusions of this work.
The authors appreciate the assistance of Isabelle Fagnot, Indira Guzman, Vibha Vijayasri, and
Cavinda Caldera in the collection and preparation of the data for this paper.
REFERENCES
Allen, N.J., and Meyer, J.P. The measurement and antecedents of affective, continuance, and normative com-
mitment to the organization.
Journal of Occupational Psychology
, 63 (1990), 1-18.
Anderson, R.H.; Feldman, P.M.; Gerwehr, S.; Houghton, B.; Mesic, R.; Pinder, J.D.; Rothenberg, J.; and
Chiesa, J.
Securing the U.S. defense information infrastructure: A proposed approach.
Washington, DC:
Rand, 1999.
Anderson, R.
A Security Policy Model for Clinical Information Systems.
Proceedings of the IEEE Sympo-
sium on Security and Privacy, Oakland, CA, May 6-8, 1996, pp. 30-43.
Armstrong, L.; Phillips, J.G.; and Saling, L.L. Potential determinants of heavier internet usage.
International
Journal of Human-Computer Studies
, 53, 4 (2000), 537-550.
Bandura, A., and Wood, R. Effect of perceived controllability and performance standards on self-regulation
of complex decision making.
Journal of Personality and Social Psychology
, 56 (1989), 805-814.
Caelli, W.; Longley. D.; and Shain, M.
Information Security Handbook,
New York: Stockton Press, 1991.
Clarke, R.
Introduction to Information Security.
Unpublished manuscript. Canberra, Australia: Australian
National University, 2001 (available at http://www.anu.edu.au/people/Roger.Clarke/EC/IntroSecy.html).
Cohen, J. A power primer.
Psychological Bulletin
, 112, 1 (1992), 155-159.
David, J. Policy enforcement in the workplace.
Computers and Security
, 21, 6 (2002), 506-513.
Dhillon, G. (ed.)
Information Security Management: Global Challenges in the New Millennium.
Hershey,
PA: Idea Group Publishing, 2001.
Ernst and Young LLP.
Global Information Security Survey.
London: Presentation Services, 2002.
Ettredge, M., and Richardson, V.J.
Assessing the risk in e-commerce.
Working Paper: University of Kansas,
2001 (available at: http://dlib2.computer.org/conferen/hicss/1435/pdf/14350194.pdf ).
Gonzalez, J.J., and Sawicka, A. A framework for human factors in information security. Presented at the 2002
WSEAS Int. Conf. on Information Security, Rio de Janeiro, 2002 (available at http://ikt.hia.no/josejg/).
Gordon, L.A., and Loeb, M.P. The economics of information security investment.
ACM Transactions on
Information and System Security
, 5, 4 (2002), 438-457.
Hawkins, S.M.; Yen, D.C.; and Chou, D.C. Disaster recovery planning: a strategy for data security.
Information
Management & Computer Security
, 8, 5 (2000), 222-229.
Search WWH ::
Custom Search