Effects of Organization Insiders' Self-Control and Relevant Knowledge on Participation in Information Systems Security Deviant Behavior: [Best Paper Nominee]

Abstract

Disastrous consequences tend to befall organizations whose employees participate in information systems security deviant behavior (ISSDB) (e.g., connecting computers to the Internet through an insecure wireless network and opening emails from unverified senders). Although organizations recognize that ISSDB poses a serious problem, understanding what motivates its occurrence continues to be a key concern. While studies on information technology (IT) misuse abounds, research specifically focusing on the drivers of ISSDB remains scant in the literature. Using self-control theory, augmented with knowledge of relevant factors, this study examined the effects of employees' self-control, knowledge of computers/IT, and information systems (IS) security threats and risks on participation in ISSDB. A research model, including the aforementioned factors, was proposed and tested using the partial least squares technique. Data was collected from a survey of Canadian professionals. The results show that low self-control and lower levels of knowledge of computers/IT are related to employees' involvement in ISSDB. The data did not provide a meaningful relationship between employees' knowledge of IS security threats/risks and desire to participate in ISSDB.