• 主题
高级搜索  >
历史搜索 清空历史
首页> 外文学位 >Security countermeasures and their impact on information systems misuse: A deterrence perspective.
【24h】

Security countermeasures and their impact on information systems misuse: A deterrence perspective.

机译:安全对策及其对信息系统滥用的影响:威慑观点。

获取原文
获取原文并翻译 | 示例
页面导航
  • 摘要
  • 著录项
  • 相似文献
  • 相关主题

摘要

Intentional insider misuse of information technology resources (i.e., IS misuse) is a serious problem for organizations. This problem is likely to persist in the future, as the computer literacy of organizational staffs continues to increase. In response to the growing threat of IS misuse, researchers have suggested that organizations employ certain technical and procedural techniques---termed here security countermeasures---in an effort to deter such behavior. This study uses the framework of general deterrence theory to investigate the impact of security countermeasures (defined as security policies, security awareness programs, monitoring practices, and preventative security software) on IS misuse, and the role of perceived certainty and severity of sanctions in mediating these relationships. In addition, the study tests the differential deterrence hypothesis by examining the moderating influence of computer self-efficacy, risk propensity, and virtual status on the effectiveness of the aforementioned security countermeasures.; Data were collected using a survey instrument that captured respondents' intentions and perceived certainty and severity of organizational sanctions regarding different IS misuse scenarios and measured the other variables in the proposed model. Based on analyses of three different datasets, strong support was found for the effectiveness of security policies, security awareness programs, and computer monitoring in deterring IS misuse. Preventative security software, at least in the form of basic access control technologies, appears only moderately effective in deterring IS misuse. The results also suggest that risk propensity does not impact the effectiveness of security countermeasures, but computer self-efficacy and virtual status do. Specifically, security policies, computer monitoring, and preventative security software are less effective in deterring IS misuse for individuals with greater computer self-efficacy, while security awareness programs are more effective for these individuals. Security awareness programs also have a greater deterrent effect on virtual workers, but security policies are less effective for these individuals.; Overall, this study presents significant progress toward explaining the relationships between security countermeasures and IS misuse, while reaffirming the applicability of general deterrence theory to the IS security domain. The results also have strong implications for IS security management practices within organizations.
机译:故意内部滥用信息技术资源(即IS滥用)对于组织来说是一个严重的问题。随着组织人员的计算机素养不断提高,该问题将来可能会继续存在。为了应对越来越多的IS滥用威胁,研究人员建议组织采用某些技术和程序技术(此处称为安全对策)来阻止此类行为。这项研究使用一般威慑理论的框架来调查安全对策(定义为安全策略,安全意识计划,监视实践和预防性安全软件)对IS滥用的影响,以及在制裁过程中感知确定性和严厉制裁的作用这些关系。此外,该研究通过检查计算机自我效能,风险倾向和虚拟状态对上述安全对策的有效性的适度影响来检验差异威慑假设。使用调查工具收集数据,该工具捕获了受访者的意图以及组织针对不同IS滥用场景的制裁的确定性和严重性,并测量了所提议模型中的其他变量。基于对三个不同数据集的分析,在防止IS滥用方面,安全策略,安全意识程序和计算机监视的有效性得到了强有力的支持。至少以基本访问控制技术的形式出现的预防性安全软件在阻止IS滥用方面仅表现为中等有效。结果还表明,风险倾向不会影响安全对策的有效性,但是计算机的自我效能和虚拟状态会影响安全对策的有效性。具体来说,安全策略,计算机监视和预防性安全软件在阻止具有较高计算机自我效能的个人滥用IS方面效果不佳,而安全意识计划对这些个人则更为有效。安全意识计划还对虚拟工作者产生更大的威慑作用,但是安全策略对这些人的效果不佳。总体而言,本研究为解释安全对策与IS滥用之间的关系提供了重要进展,同时重申了一般威慑理论在IS安全领域的适用性。该结果也对组织内部的IS安全管理实践具有重要意义。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有

  • 客服微信

  • 服务号