CCE Theses and Dissertations

Date of Award

2021

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

College of Computing and Engineering

Advisor

Souren Paul

Committee Member

Ling Wang

Committee Member

Prasad Rudramuniyaiah

Abstract

It is estimated that over half of all information systems security breaches are due directly or indirectly to the poor security practices of an organization’s employees. Previous research has shown neutralization techniques as having influence on the intent to violate information security policy. In this study, we proposed an expansion of the neutralization model by including the effects of business and ethical orientation of individuals on their tendencies to neutralize and compromise with information security policy. Additionally, constructs from social influences and pressures have been integrated into this model to measure the impact on the intent to violate information security policy from social perspectives.

This study is a quantitative study that used a survey methodology for data collection. A stratified sampling method was used to ensure equal representation in the population. A sample of members was collected using a random sampling procedure from each stratum. All data were collected by sending a survey link via email through SurveyMonkey’s participant outreach program to the aforementioned groups. Partial least squares were used for data analysis.

Findings showed business and ethical orientation had a negative impact on accepting neutralization techniques which ultimately result in the intent to violate information security policy. Furthermore, this research found neutralization, social influences, and social pressures as having 24 percent of influence to violate information security policy. Business orientation and ethical orientation contributed to 15 percent of influence in variance on employees accepting neutralization techniques.

Implications of this research suggest information security policies can be compromised by employees and additional measures are needed. Behavioral analytics may provide an understanding of how employees act and why. Routine training is necessary to help minimize risks, and a healthy security culture will promote information security as a focal point to the organization.

Share

COinS