Toward a behavioral contingency theory of security-related corruption control: Understanding informal social controls.

摘要

Information security is increasingly important to organizations, as security breaches are costly. Organizational insiders can be assets or vulnerabilities in the battle to secure information systems. However, organizational insiders' security beliefs and behaviors are not well understood. In particular, little is known about how social influence affects insiders' security behaviors, yet studies have shown that social influence is shown to be a strong predictor of security behavior. A deeper understanding of social influence is needed in the literature. Additionally, many security studies only examine a cross-sectional period with no concern for changes in beliefs and behaviors over time. Thus, little is known about how learning in previous life periods (e.g., childhood/adolescence and tenure at a previous job) influences insiders' current security beliefs and behaviors.;This study examines the influence that informal information security controls exert on the information security behaviors of organizational insiders. This study also identifies how perceptions of previous social learning experiences influence current security beliefs and behaviors. In particular, this dissertation highlights four security behaviors: security risk-taking behavior and security damaging behavior, and security compliant behavior and proactive security behavior. Through a qualitative study, a model of the effect of social learning on security behavior is developed. A quantitative test is then presented to further confirm the results of the qualitative study. Through the quantitative study, an initial exploration of social learning across national boundaries is also provided. The study also concerns itself with understanding how context influences information security beliefs and behaviors.