Show simple item record

dc.contributor.authorSafa, N
dc.contributor.authorMaple, C
dc.contributor.authorFurnell, SM
dc.contributor.authorAzad, M
dc.contributor.authorPerera, C
dc.contributor.authorDabbagh, M
dc.date.accessioned2019-03-29T11:50:01Z
dc.date.issued2019-08
dc.identifier.issn0167-739X
dc.identifier.urihttp://hdl.handle.net/10026.1/13581
dc.description.abstract

Previous studies show that information security breaches and privacy violations are important issues for organisations and people. It is acknowledged that decreasing the risk in this domain requires consideration of the technological aspects of information security alongside human aspects. Employees intentionally or unintentionally account for a significant portion of the threats to information assets in organisations. This research presents a novel conceptual framework to mitigate the risk of insiders using deterrence and prevention approaches. Deterrence factors discourage employees from engaging in information security misbehaviour in organisations, and situational crime prevention factors encourage them to prevent information security misconduct. Our findings show that perceived sanctions certainty and severity significantly influence individuals’ attitudes and deter them from information security misconduct. In addition, the output revealed that increasing the effort, risk and reducing the reward (benefits of crime) influence the employees’ attitudes towards prevent information security misbehaviour. However, removing excuses and reducing provocations do not significantly influence individuals’ attitudes towards prevent information security misconduct. Finally, the output of the data analysis also showed that subjective norms, perceived behavioural control and attitude influence individuals’ intentions, and, ultimately, their behaviour towards avoiding information security misbehaviour.

dc.format.extent587-597
dc.languageen
dc.language.isoen
dc.publisherElsevier
dc.subject4605 Data Management and Data Science
dc.subject4606 Distributed Computing and Systems Software
dc.subject46 Information and Computing Sciences
dc.subject4609 Information Systems
dc.subjectPrevention
dc.subject16 Peace, Justice and Strong Institutions
dc.titleDeterrence and Prevention-based Model to Mitigate Information Security Insider Threats in Organisations
dc.typejournal-article
dc.typeJournal Article
plymouth.volume97
plymouth.publisher-urlhttp://dx.doi.org/10.1016/j.future.2019.03.024
plymouth.publication-statusPublished
plymouth.journalFuture Generation Computer Systems
dc.identifier.doi10.1016/j.future.2019.03.024
plymouth.organisational-group/Plymouth
plymouth.organisational-group/Plymouth/Faculty of Science and Engineering
plymouth.organisational-group/Plymouth/Users by role
dcterms.dateAccepted2019-03-08
dc.rights.embargodate2020-3-11
dc.rights.embargoperiodNot known
rioxxterms.versionofrecord10.1016/j.future.2019.03.024
rioxxterms.licenseref.urihttp://www.rioxx.net/licenses/all-rights-reserved
rioxxterms.licenseref.startdate2019-08
rioxxterms.typeJournal Article/Review


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record


All items in PEARL are protected by copyright law.
Author manuscripts deposited to comply with open access mandates are made available in accordance with publisher policies. Please cite only the published version using the details provided on the item record or document. In the absence of an open licence (e.g. Creative Commons), permissions for further reuse of content should be sought from the publisher or author.
Theme by 
Atmire NV