Antecedent factors of violation of information security rules

IF 1.3 Q3 BUSINESS
Alexandre Cappellozza, G. Moraes, Gilberto Pérez, Alessandra Lourenço Simões
{"title":"Antecedent factors of violation of information security rules","authors":"Alexandre Cappellozza, G. Moraes, Gilberto Pérez, Alessandra Lourenço Simões","doi":"10.1108/rausp-02-2021-0022","DOIUrl":null,"url":null,"abstract":"\nPurpose\nThis paper aims to investigate the influence of moral disengagement, perceived penalty, negative experiences and turnover intention on the intention to violate the established security rules.\n\n\nDesign/methodology/approach\nThe method used involves two stages of analysis, using techniques of structural equation modeling and artificial intelligence with neural networks, based on information collected from 318 workers of organizational information systems.\n\n\nFindings\nThe model provides a reasonable prediction regarding the intention to violate information security policies (ISP). The results revealed that the relationships of moral disengagement and perceived penalty significantly influence such an intention.\n\n\nResearch limitations/implications\nThis research presents a multi-analytical approach that expands the robustness of the results by the complementarity of each analysis technique. In addition, it offers scientific evidence of the factors that reinforce the cognitive processes that involve workers’ decision-making in security breaches.\n\n\nPractical implications\nThe practical recommendation is to improve organizational communication to mitigate information security vulnerabilities in several ways, namely, training actions that simulate daily work routines; exposing the consequences of policy violations; disseminating internal newsletters with examples of inappropriate behavior.\n\n\nSocial implications\nResults indicate that information security does not depend on the employees’ commitment to the organization; system vulnerabilities can be explored even by employees committed to the companies.\n\n\nOriginality/value\nThe study expands the knowledge about the individual factors that make information security in companies vulnerable, one of the few in the literature which aims to offer an in-depth perspective on which individual antecedent factors affect the violation of ISP.\n","PeriodicalId":43400,"journal":{"name":"RAUSP Management Journal","volume":" ","pages":""},"PeriodicalIF":1.3000,"publicationDate":"2021-12-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"RAUSP Management Journal","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1108/rausp-02-2021-0022","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"BUSINESS","Score":null,"Total":0}
引用次数: 1

Abstract

Purpose This paper aims to investigate the influence of moral disengagement, perceived penalty, negative experiences and turnover intention on the intention to violate the established security rules. Design/methodology/approach The method used involves two stages of analysis, using techniques of structural equation modeling and artificial intelligence with neural networks, based on information collected from 318 workers of organizational information systems. Findings The model provides a reasonable prediction regarding the intention to violate information security policies (ISP). The results revealed that the relationships of moral disengagement and perceived penalty significantly influence such an intention. Research limitations/implications This research presents a multi-analytical approach that expands the robustness of the results by the complementarity of each analysis technique. In addition, it offers scientific evidence of the factors that reinforce the cognitive processes that involve workers’ decision-making in security breaches. Practical implications The practical recommendation is to improve organizational communication to mitigate information security vulnerabilities in several ways, namely, training actions that simulate daily work routines; exposing the consequences of policy violations; disseminating internal newsletters with examples of inappropriate behavior. Social implications Results indicate that information security does not depend on the employees’ commitment to the organization; system vulnerabilities can be explored even by employees committed to the companies. Originality/value The study expands the knowledge about the individual factors that make information security in companies vulnerable, one of the few in the literature which aims to offer an in-depth perspective on which individual antecedent factors affect the violation of ISP.
违反信息安全规则的前因因素
目的研究道德推脱、感知惩罚、消极体验和离职倾向对违反既定安全规则意愿的影响。设计/方法/方法所使用的方法包括两个分析阶段,使用结构方程建模和人工智能与神经网络技术,基于从组织信息系统的318名工作人员收集的信息。研究发现:该模型对违反信息安全策略(ISP)的意图提供了合理的预测。结果表明,道德脱离和感知惩罚的关系显著影响这种意愿。本研究提出了一种多分析方法,通过每种分析技术的互补性扩大了结果的稳健性。此外,它还为强化认知过程的因素提供了科学证据,这些认知过程涉及员工对安全漏洞的决策。实际意义实际建议是通过几种方式改善组织沟通以减轻信息安全漏洞,即,模拟日常工作流程的培训行动;揭露违反政策的后果;在内部通讯中散布不当行为的例子。结果显示,资讯安全不依赖于员工对组织的承诺;系统漏洞甚至可以被公司的员工发现。独创性/价值该研究扩展了关于使公司信息安全易受攻击的个人因素的知识,这是文献中为数不多的旨在提供深入视角的个人前因因素影响ISP违规行为的研究之一。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
CiteScore
3.30
自引率
5.00%
发文量
22
审稿时长
30 weeks
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信