Paper Type

ERF

Abstract

Insiders within organizations increase the risk of security incidents through non-malicious intentions. Previous research has extensively investigated potential factors influencing intentional information security misbehaviors, whether malicious or non-malicious. However, the potential causes of unintentional information security misbehaviors are less well known. Drawing on an in-depth qualitative approach, this paper seeks to provide a rich understanding of why employees unintentionally violate information security policies. Interviews with employees and information security management teams are conducted across various industries. Following qualitative data analyses, we aim to identify possible organizational and human factors causing unintentional information security misbehaviors and to explain to what degree each of these influencers is associated with certain misbehaviors. This leads to achieving the two main objectives of this study. First, to distinguish the motives of non-malicious unintentional insiders from those of non-malicious intentional insiders. Second, to challenge the existing knowledge and theoretical frameworks regarding insiders’ information security behaviors at the workplace.

Aug 10th, 12:00 AM

A Qualitative Approach to Understand Unintentional Information Security Misbehaviors

