Browsing by Author "Posey, Clay"

Now showing 1 - 2 of 2
  • Thumbnail Image
    The Adaptive Roles of Positive and Negative Emotions in Organizational Insiders’ Security-Based Precaution Taking
    Burns, A. J.; Roberts, Tom L.; Posey, Clay; Lowry, Paul Benjamin (Institute for Operations Research and the Management Sciences (INFORMS), 2019-12)
    Protecting organizational information is a top priority for most firms. This reality, coupled with the fact that organizational insiders control much of their organizations’ valuable information, has led both researchers and practitioners to acknowledge the importance of insiders’ behavior for information security (InfoSec). Until recently, researchers have employed only a few theories to understand these influences, and this has generated calls for a broadened theoretical repertoire. Given this opportunity, we incorporate the framework of emotions developed in the information systems (IS) discipline by Beaudry and Pinsonneault (2010) and add the broaden-and-build theory (BBT) to understand the influence of discrete positive and negative emotions on insiders’ precaution-taking activities. Our findings demonstrate that the relationship between both positive and negative emotions and precaution taking is mediated by insiders’ (1) psychological capital (PsyCap), a higher-order, work-related construct of positive psychological resource capabilities, and (2) psychological distancing, a coping mechanism characterized by insiders’ attempts to detach themselves psychologically from a situation. By considering these factors, our model explains 32 percent of the variance in insiders’ precaution taking in organizations. Researchers and practitioners can use these findings to develop effective insider InfoSec training, including emotional appeals that increase insiders’ precaution taking.
  • Thumbnail Image
    Going beyond deterrence: A middle-range theory of motives and controls for insider computer abuse
    Burns, A. J.; Roberts, Tom L.; Posey, Clay; Lowry, Paul Benjamin; Fuller, Bryan (Institute for Operations Research and Management Sciences, 2022-04)
    Despite widespread agreement among practitioners and academicians that organizational insiders are a significant threat to organizational information systems security, insider computer abuse (ICA)—unauthorized and deliberate misuse of organizational information resources by organizational insiders—remains a serious issue. Recent studies have shown that most employees are willing to share confidential or regulated information under certain circumstances and nearly a third to half of major security breaches are tied to insiders. These trends indicate that organizational security efforts, which generally focus on deterrence and sanctions, have yet to effectively address ICA. Therefore, leading security researchers and practitioners have called for a more nuanced understanding of insiders in respect to deterrence efforts. We answer these calls by proposing a middle-range theory of ICA that focuses on understanding the inherent tensions between insider motivations and organizational controls. Our careful review distinguishes two categories of personal motives for ICA: (1) instrumental (i.e., financial benefits) (2) and expressive (i.e., psychological contract violations) motives. Our novel theory of ICA also includes the influence of two classes of controls for ICA: (1) intrinsic (i.e., self-control) and (2) extrinsic (i.e., organizational deterrence) controls. We developed and empirically examined a research model based on our middle-range theory that explains a substantial portion of the variance in ICA (R2 = 0.462). Specifically, our results indicate that both instrumental and expressive motives were positively related to ICA. Moreover, intrinsic self-control exerted significant direct and moderating influences in our research model, whereas extrinsic organizational deterrence failed to exhibit a direct effect on ICA and significantly moderated instrumental motives’ relationship with ICA only. Not only do our results show that self-control exerted a stronger effect on the model than deterrence did (f2self-control = 0.195; f2org.det. = 0.048) but they also help us identify the limits of deterrence in ICA research.