Journal: Information Systems Research

User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach


Abstract

Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50% and 75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions varies based on one's level of morality. Implications for the research and practice of IS security are discussed.