Litcius/Paper detail

Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective

Amanda M. Y. Chu, Mike K. P. So

2020Sustainability26 citationsDOIOpen Access PDF

Abstract

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

Topics & Concepts

Information security managementInformation securityBusinessSecurity managementPunishment (psychology)Information security standardsPerspective (graphical)Knowledge managementSecurity information and event managementPublic relationsComputer securityCloud computing securitySecurity serviceComputer scienceNetwork security policyPsychologySocial psychologyPolitical scienceArtificial intelligenceOperating systemCloud computingFinanceInformation and Cyber SecurityCybercrime and Law Enforcement StudiesNetwork Security and Intrusion Detection