CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


College of Computing and Engineering


James Parrish

Committee Member

Jason B. Thatcher

Committee Member

James N. Smith


business email compromise, cybersecurity, executive behaviors, grounded theory, information security, social networking sites


Andrew Green April 2020 Personal social networking sites (SNS) are popular outlets for people to share information about themselves, their family and friends, and their personal and professional lives. On the surface, the information shared may seem to be innocuous or nonthreatening. However, prior studies have shown that cybercriminals can take information shared via personal SNS and use it to conduct attacks against organizations. Organization executives are of particular interest to cybercriminals because they have access to sensitive data, and they also have the ability to command actions from their subordinates. The purpose of this study was to explore what executive personal SNS behaviors pose financial risks to an organization.

This study utilized grounded theory method (GTM) to interview nine information security professionals to discover their perceptions regarding executives’ personal SNS behaviors that could pose a financial risk to an organization. The researcher used a semistructured interview process in order to collect thick, rich data for analysis. Respondents came from a diverse array of industries, thus providing data from multiple perspectives.

The resulting data analysis revealed four overarching dimensions: Loss of Intellectual Property or Sensitive Data; Compliance Violations; Harm to Reputation, and Fraudulent Transaction Loss. These overarching dimensions were supported by multiple themes, which were built on concepts identified from respondent interview data. These overarching dimensions were used to build an emergent theoretical model to explain what personal executive SNS behaviors pose financial risks to an organization.