Content uploaded by Paul Benjamin Lowry
Author content
All content in this area was uploaded by Paul Benjamin Lowry
Content may be subject to copyright.
A preview of the PDF is not available
Insiders' Protection of Organizational Information Assets: A Multidimensional Scaling Study of Protection-Motivated Behaviors
Abstract and Figures
Protecting information from a wide variety of security threats is an important and sometimes daunting organizational activity. Instead of relying solely on technological advancements to help solve human problems, managers within firms must recognize and understand the roles that organizational insiders have in the protection of information (Choobineh et al. 2007; Vroom et al. 2004). The systematic study of human influences on organizational information security is termed behavioral information security (Fagnot 2008; Stanton et al. 2006b), and it affirms that the protection of organizational information assets is best achieved when the detrimental behaviors of organizational insiders are effectively deterred and the beneficial activities of these individuals are appropriately encouraged. Relative to the former, the latter facet has received little attention in the academic literature.Given this opportunity, this research explicitly focuses upon protective behaviors that help promote the protection of organizational information resources. These behaviors are termed protection-motivated behaviors (PMBs). PMBs are defined as the volitional behaviors organizational insiders can enact that protect (1) organizationally relevant information within their firms and (2) the computer-based information systems in which that information is stored, collected, disseminated, and/or manipulated from information-security threats. This paper focuses upon the development of a formal typology of PMBs as viewed by organizational insiders. Data are obtained from 33 interviews and several end-user surveys, which are then utilized by the complementary classification techniques of Multidimensional Scaling (MDS), Property Fitting (ProFit) analysis, and cluster analysis. Sixty-seven individual PMBs were discovered, and the above classification techniques uncovered a three-dimensional perceptual space common among organizational insiders regarding PMBs. This space verifies that insiders differentiate PMBs according to whether the behaviors (1) require a minor or continual level of improvements within organizations, (2) are widely or narrowly standardized and applied throughout various organizations, and (3) are a reasonable or unreasonable request of organizations to make of their insiders. Fourteen unique clusters were also discovered during this process; this finding further assists information security researchers and practitioners in their understanding of how organizational insiders perceive the behaviors that help protect information assets.
Figures - uploaded by Paul Benjamin Lowry
Author content
All figure content in this area was uploaded by Paul Benjamin Lowry
Content may be subject to copyright.
... Secondly, organizations may contribute to security violation by procuring less quality material, appointing low skills personal to handle CIM and poor communication structure. In view of this context, CIM success requires related services such as installation of quality software, maintenance organization system (repair and updates), systematic classification of information, training and retraining of staff [15]. The organizational workforce needs basic and advance knowledge about CI to enable them arrest this long time phenomenon that has been tormenting institutional sensitive information [15], most especially as we are moving toward IR4.0. ...
... In view of this context, CIM success requires related services such as installation of quality software, maintenance organization system (repair and updates), systematic classification of information, training and retraining of staff [15]. The organizational workforce needs basic and advance knowledge about CI to enable them arrest this long time phenomenon that has been tormenting institutional sensitive information [15], most especially as we are moving toward IR4.0. The ultimate goal of CIM is to protect CI not to leak. ...
... The 67th United States Secretary used her personal saver at home to for official work [16]. Therefore, continuous training of staff for effective management of CI is required [15]. If establishments invest more in staff training, procurement of good technologies, then the quality of the CIM will improve [15], which can reduce the leakages of CI in organizations. ...
... PMBs are defined as voluntary actions by insiders aimed at safeguarding both organizational information and the information systems that manage security threats [109]. In a multidimensional scaling study [108], Posey et al. categorized 67 PMBs into 14 clusters on the basis of levels of improvement needed, standardization and application, and reasonableness. These clusters include employees' behaviors, such as email handling, data protection, security training, software use, and account protection [108]. ...
... In a multidimensional scaling study [108], Posey et al. categorized 67 PMBs into 14 clusters on the basis of levels of improvement needed, standardization and application, and reasonableness. These clusters include employees' behaviors, such as email handling, data protection, security training, software use, and account protection [108]. ...
What drives employees to ensure security when handling information assets in organizations? There is growing interest from the security behavior community in how autonomous motivators shape employees' security-related behaviors. To reconcile the scattered viewpoints on autonomous motivation and synthesize findings from studies utilizing various theoretical frameworks, we systematically reviewed relevant publications. We present a preregistered literature review that investigated (a) what forms of autonomous motivation have been examined in organizational security contexts, (b) which behaviors/behavioral intentions are related to autonomous motivators, and (c) how autonomous motivation affects employees' security behaviors. Based on an initial set of 432 papers, filtered down to 45 studies, we identified 17 unique autonomous motivators and three types of related security behaviors. This review not only develops a refined taxonomy of autonomous motivation related to security behaviors but also charts a path forward for future research on autonomous motivation in human-centered security. CCS Concepts • Security and privacy → Human and societal aspects of security and privacy; • Human-centered computing → HCI theory, concepts and models.
... We measured maladaptive rewards with six items developed and validated in Posey et al. (2010); ...
... An example of an item for the intrinsic benefit of maladaptive behavior is "I would feel a sense of internal satisfaction for allowing information security threats to harm my organization." As in prior research (Posey et al., 2010), our maladaptive rewards construct exhibited strong validity and reliability (CR = 0.92). ...
Practitioners and researchers alike recognize the positive influence insiders’ behavior can have on information systems (IS) security. This awareness has resulted in a research stream focused on the performance of protective behaviors. We contribute to this research stream by extending an oft-cited theory in the information security literature—protection motivation theory (PMT)—to include the relationship of insiders’ psychological capital (PsyCap) with the mechanisms of PMT.
PsyCap is a construct of role-breadth psychological capacities and resources embodying important work-related motivational resources. Therefore, given the varied facets central to PMT, determining the relationship of PsyCap with each distinct PMT mechanism is an important contribution. Furthermore, prior research has established that individuals can develop their PsyCap. Consequently, considering the relationship of role-breadth PsyCap with the PMT mechanisms provides an important and malleable, motivational antecedent that complements PMT and is absent from most assessments of the contemporary PMT model. We find support for PsyCap’s relationship with the mechanisms of PMT and suggest opportunities to develop PsyCap in conjunction with other organizational security efforts. We present our findings, discuss their implications for research and practice, and highlight several opportunities for future research.
Information technology executives strive to align the actions of end users with the desired security posture of management and of the firm through persuasive communication. In many cases, some element of fear is incorporated within these communications. However, within the context of computer security and information assurance, it is not yet clear how these fear-inducing arguments, known as fear appeals, will ultimately impact the actions of end users. The purpose of this study is to investigate the influence of fear appeals on the compliance of end users with recommendations to enact specific individual computer security actions toward the mitigation of threats. An examination was performed that culminated in the development and testing of a conceptual model representing an infusion of technology adoption and fear appeal theories. Results of the study suggest that fear appeals do impact end user behavioral intentions to comply with recommended individual acts of security, but the impact is not uniform across all end users. It is determined in part by perceptions of self-efficacy, response efficacy, threat severity, and social influence. The findings of this research contribute to information systems security research, human computer interaction, and organizational communication by revealing a new paradigm in which IT users form perceptions of the technology, not on the basis of performance gains, but on the basis of utility for threat mitigation.
The periodic table of elements is among the most recognizable image in science. It lies at the core of chemistry and embodies the most fundamental principles of science. In this new edition, Eric Scerri offers readers a complete and updated history and philosophy of the periodic table. Written in a lively style to appeal to experts and interested lay-persons alike, The Periodic Table: Its Story and Its Significance begins with an overview of the importance of the periodic table and the manner in which the term "element" has been interpreted by chemists and philosophers across time. The book traces the evolution and development of the periodic table from its early beginnings with the work of the precursors like De Chancourtois, Newlands and Meyer to Mendeleev's 1869 first published table and beyond. Several chapters are devoted to developments in 20th century physics, especially quantum mechanics and and the extent to which they explain the periodic table in a more fundamental way. Other chapters examine the formation of the elements, nuclear structure, the discovery of the last seven infra-uranium elements, and the synthesis of trans-uranium elements. Finally, the book considers the many different ways of representing the periodic system and the quest for an optimal arrangement.
A critical element in the evolution of a fundamental body of knowledge in marketing, as well as for improved marketing practice, is the development of better measures of the variables with which marketers work. In this article an approach is outlined by which this goal can be achieved and portions of the approach are illustrated in terms of a job satisfaction measure.
Organizational typologies have proved to be a popular approach for thinking about organizational structures and strategies. Authors developing typologies, however, have been criticized for developing simplistic classification systems instead of theories. Contrary to these criticisms, we argue that typologies meet the criteria of a theory. When typologies are properly developed and fully specified, they are complex theories that can be subjected to rigorous empirical testing using the quantitative models we develop. We conclude by discussing the advantages of typological theories and presenting guidelines to improve the development of typologies.
This chapter describes the relationship between the clustering and multidimensional scaling. The clustering and multidimensional scaling are both methods for analyzing data. To some extent, they are in competition with one another. However, the clustering and multidimensional scaling stand in a strongly complementary relationship. They can be used together in several ways, and these joint uses are often desirable. The chapter describes some applications of clustering to astronomy that are not famous in the field of clustering. Many of the basic concepts of clustering belong to the biological inheritance of humans and many other animals. The concept of similarity is built into the human nervous system. There are three main types of data used in clustering: (1) multivariate data, (2) proximity data, and (3) clustering data. The multivariate data gives the values of several variables for several individuals. The proximity data consist of proximities among objects of the same kind, either proximities among individuals, or proximities among variables, or proximities among stimuli, or proximities among objects of any single cohesive type.
Advanced monitoring of critical industrial processes for high quality, safety, economy is favoured by software applications strengthening human-computer interaction. In real industries processes have hundreds of variables to be followed and monitoring should be done in a 2-D or 3-D spaces by space reduction. For this purpose, space reduction must keep the relevant and informative geometric characteristics of the original space, using proper metrics. In this work, the reduction of n-dimensional space to bi or tri-dimensional one is developed through multidimensional scaling. In the 2-D or 3-D process map, the operational regions of the process under specific conditions can be classified. This classification is made by clustering. This strategy is applied to the large-scale process of Visbreaker, from Refinery of Petrogal at Sines (Galp Energia), using multidimensional scaling with several metrics.