|
Abstract:
|
Information systems assets are vital to the functioning and survival of organizations . Therefore , organizations expend many resources in protecting these assets . Organizations spent resources on technologies , policies , procedures , guidelines , user awareness , education , training and other protection mechanisms . Advancing technology and complexity of organizations make the protection of these assets a continuing challenge . Studies show that in spite of these efforts , the main reason for security failures in organizations is due to human behavior (Stanton et al . 2004 ) .
This study speaks for an enhanced behavioral model for the adverse usage of IS assets and addresses the factors that influence these behaviors . The presented model uses extended higher order conceptualization of the three basic constructs of the theory of planned behavior to study the adverse usage of IS assets . Instead of using a single IS misuse variable , it includes a category of behaviors related to adverse usage of IS assets . The factors considered in this study are Attitude (Affective , Cognitive ) ; Social Influence (Subjective norm , Descriptive norm ) , Perceived Behavioral Control (Self -efficacy , Controllability ) ; Moral Norms ; Organizational Commitment ; Job Satisfaction ; and Influence Mechanisms (Likelihood of Detection , Security Awareness ) .
This study is expected to contribute to theory , methodology and practice . To the best of our knowledge , this is the first study that conceptualize and empirically measure a category of behaviors related to adverse usage of IS assets instead of studying a single behavior . It is the first attempt in IS to conceptualize and empirically test all the three basic variables of the theory of planned behavior as higher order constructs . From a managerial perspective , this study determines the factors that can predict the intention of employees towards adverse usage of IS assets and can directly or indirectly impact the information security of an organization . It also tests the role of various influence mechanisms to control the behavior related to information security . The results indicate that organizations should make major investments in education , training and awareness programs to enhance their security . The results of this study will help the managers to develop actions and strategies to deal with issues related to such behaviors in organizations . |