Paper Type

Complete

Abstract

When it comes to employees’ negative influence on organizational security, researchers are typically interested in three behavioral categories: passive mistakes, volitional non-malicious non-compliance (NMNC), and malicious computer abuse. Despite research that shows that NMNC represents the majority of employees’ negative security-related actions, we know relatively little about how employees perceive these actions and what organizations can do as a result. We integrate the framework of routine, situational, and exceptional violations from safety science to frame our exploration of NMNC. We demonstrate that the factors associated with this violation framework can be used to determine how insiders view NMNC behaviors. We provide insight into important differences among the NMNC behaviors and show how insiders can be clustered into one of three groups based on their violation perceptions.

Paper Number

1517

Author Connect URL

https://authorconnect.aisnet.org/conferences/AMCIS2024/papers/1517

Comments

SIGSEC

Author Connect Link

Share

COinS
Top 25 Paper Badge
 
Aug 16th, 12:00 AM

Routine, Situational, and Exceptional Security Violations in Organizations

When it comes to employees’ negative influence on organizational security, researchers are typically interested in three behavioral categories: passive mistakes, volitional non-malicious non-compliance (NMNC), and malicious computer abuse. Despite research that shows that NMNC represents the majority of employees’ negative security-related actions, we know relatively little about how employees perceive these actions and what organizations can do as a result. We integrate the framework of routine, situational, and exceptional violations from safety science to frame our exploration of NMNC. We demonstrate that the factors associated with this violation framework can be used to determine how insiders view NMNC behaviors. We provide insight into important differences among the NMNC behaviors and show how insiders can be clustered into one of three groups based on their violation perceptions.

When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.