CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Information Systems (DISS)


College of Computing and Engineering


Yair Levy

Committee Member

Gregory Simco

Committee Member

Wei Li


cybersecurity risk, cyberslacking, remote workers


Cyberslacking is conducted by employees who are using their organizations’ equipment and network for personal purposes instead of performing their work duties during work hours. Cyberslacking has a significant adverse effect on overall employee productivity. Since the COVID-19 pandemic, the increase in remote working has heightened the cybersecurity risk to organizational networks and infrastructure. Research has shown that cyberattacks on organizations continue to increase, specifically increases in cyberattacks directed at remote employees. This work achieved the targeted goal of developing, validating and empirically testing a taxonomy to assess an organization’s remote workers’ risk level of cybersecurity threats. The taxonomy used productivity measures to determine their inclination to participate in cyberslacking and the computer security posture of the remote device being used to access organizational resource as inputs for conducting the assessment. Limited attention has been given cyberslacking by remote workers and the cybersecurity risks they pose to an organization. The study engaged cybersecurity and Information Technology (IT) Subject Matter Experts (SMEs) to participate in one round of the Delphi method in order to reach a consensus on the measures for Cyberslacking (CySI) and Computer Security Posture (CSP). This study used a three-phased approach to develop a taxonomy to assess remote workers’ risk level of cybersecurity threats. In phase one, 53 SMEs validated four indicators to measure CySI and 10 indicators to measure CSP derived from the literature. In addition, the SMEs were also asked to validate the Remote Worker Cyberslacking Security Risk Taxonomy developed. In phase two, a pilot was conducted with 15 participants to validate the instrument, measures, and data analytics process used for the main data collection. In Phase three, demographic data, CySI measures and CSP measures were collected and analyzed from 138 participants. Subsequently, in phase three, the Remote Worker Cyberslacking Security Risk Taxonomy was used to classify the level of risk remote workers could pose to the organization. The findings demonstrated that while most participants were classified as “Low Risk,” specific demographic groups could pose a risk to the organization due to their composite CySI and CSP scores. For example, males had higher CySI and lower higher CSP scores than females, indicating males could pose a cybersecurity risk to the organization. Conversely, technical staff had lower CySI and higher CSP scores than administrative and support staff, suggesting they are less likely to pose a risk to the organization. This study has significant implications for both professional practice and research. From a practical standpoint, organizations can utilize the validated measures provided by SMEs to assess the potential risks posed by their remote workforce. The Remote Worker Cyberslacking Security Risk Taxonomy developed by this study can be used as a benchmarking tool based on SMEs’ defined metrics from application usage and cybersecurity posture indicators to provide composite scores that would allow for a comparison. The results of this analysis can be leveraged by organizations to mitigate potential deficiencies in computer cybersecurity posture on remote worker devices, cybersecurity awareness training, and policy changes. In addition, the findings of this study contribute to the existing body of work in Information Systems (IS), cybersecurity, productivity, and remote work.