Management Information Systems Quarterly
Abstract
Protecting information from a variety of security threats is a daunting organizational activity. Organization managers must recognize the roles that organization insiders have in protecting information resources rather than solely relying upon technology to provide this protection. Unfortunately, compared to negative insider behaviors, the extant literature provides sparse coverage of beneficial insider activities. The few beneficial activities in the literature represent only a small portion of the diverse collection of insiders’ protective actions.
This research focuses on protection-motivated behaviors (PMBs), which are volitional behaviors enacted by organization insiders to protect (1) organizationally relevant information and (2) the computer-based information systems in which the information is stored, collected, disseminated, and/or manipulated from information security threats. Based on systematics, we propose a six-step methodology of qualitative and quantitative approaches to develop a taxonomy and theory of diversity for PMBs. These approaches integrate the classification techniques of multidimensional scaling (MDS), property fitting (ProFit), and cluster analyses. We leverage these techniques to identify and display how insiders collectively classify 67 unique PMBs and their homogeneous classes. Our taxonomy provides researchers and practitioners a comprehensive guide and common nomenclature for PMBs. Our methodology can be similarly used to create other theories of diversity.