Loading...
Paper Type
Complete
Abstract
When it comes to employees’ negative influence on organizational security, researchers are typically interested in three behavioral categories: passive mistakes, volitional non-malicious non-compliance (NMNC), and malicious computer abuse. Despite research that shows that NMNC represents the majority of employees’ negative security-related actions, we know relatively little about how employees perceive these actions and what organizations can do as a result. We integrate the framework of routine, situational, and exceptional violations from safety science to frame our exploration of NMNC. We demonstrate that the factors associated with this violation framework can be used to determine how insiders view NMNC behaviors. We provide insight into important differences among the NMNC behaviors and show how insiders can be clustered into one of three groups based on their violation perceptions.
Paper Number
1517
Recommended Citation
Posey, Clay; McCoard, Mitchell; Burns, AJ; and Roberts, Tom L., "Routine, Situational, and Exceptional Security Violations in Organizations" (2024). AMCIS 2024 Proceedings. 37.
https://aisel.aisnet.org/amcis2024/security/security/37
Routine, Situational, and Exceptional Security Violations in Organizations
When it comes to employees’ negative influence on organizational security, researchers are typically interested in three behavioral categories: passive mistakes, volitional non-malicious non-compliance (NMNC), and malicious computer abuse. Despite research that shows that NMNC represents the majority of employees’ negative security-related actions, we know relatively little about how employees perceive these actions and what organizations can do as a result. We integrate the framework of routine, situational, and exceptional violations from safety science to frame our exploration of NMNC. We demonstrate that the factors associated with this violation framework can be used to determine how insiders view NMNC behaviors. We provide insight into important differences among the NMNC behaviors and show how insiders can be clustered into one of three groups based on their violation perceptions.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC