Deterrence and Prevention-based Model to Mitigate Information Security Insider Threats in Organisations

Nader Sohrabi Safa,C. Maple,S. Furnell,M. A. Azad,Charith Perera,M. Dabbagh,Mehdi Sookhak

Published 2019 in Future generations computer systems

ABSTRACT

Abstract Previous studies show that information security breaches and privacy violations are important issues for organisations and people. It is acknowledged that decreasing the risk in this domain requires consideration of the technological aspects of information security alongside human aspects. Employees intentionally or unintentionally account for a significant portion of the threats to information assets in organisations. This research presents a novel conceptual framework to mitigate the risk of insiders using deterrence and prevention approaches. Deterrence factors discourage employees from engaging in information security misbehaviour in organisations, and situational crime prevention factors encourage them to prevent information security misconduct. Our findings show that perceived sanctions certainty and severity significantly influence individuals’ attitudes and deter them from information security misconduct. In addition, the output revealed that increasing the effort, risk and reducing the reward (benefits of crime) influence the employees’ attitudes towards prevent information security misbehaviour. However, removing excuses and reducing provocations do not significantly influence individuals’ attitudes towards prevent information security misconduct. Finally, the output of the data analysis also showed that subjective norms, perceived behavioural control and attitude influence individuals’ intentions, and, ultimately, their behaviour towards avoiding information security misbehaviour.

PUBLICATION RECORD

Publication year
2019
Venue
Future generations computer systems
Publication date
2019-03-15
Fields of study
Law, Business, Computer Science
Identifiers
DOI 10.1016/J.FUTURE.2019.03.024 arXiv 1903.12079
External record
Open on Semantic Scholar
Source metadata
Semantic Scholar

CITATION MAP

EXTRACTION MAP

CLAIMS

No claims are published for this paper.

CONCEPTS

No concepts are published for this paper.

REFERENCES

Organizational Behavior and Human Decision Processes
2020cited by this paper
[Authors].
2018cited by this paper
An opportunistic resource management model to overcome resource‐constraint in the Internet of Things
2018cited by this paper
Information security: Listening to the perspective of organisational insiders
2018cited by this paper
A Policy-Based Framework for Preserving Confidentiality in BYOD Environments: A Review of Information Security Perspectives
2017cited by this paper
Human aspects of information security in organisations
2016cited by this paper
Human behaviour as an aspect of cybersecurity assurance
2016cited by this paper
The Impact of Motivational Interviewing on Delinquent Behaviors in Incarcerated Adolescents.
2016cited by this paper
Information security policy compliance model in organizations
2016cited by this paper
A model of emotion and computer abuse
2016cited by this paper
An information security knowledge sharing model in organizations
2016cited by this paper
Common Sense Guide to Mitigating Insider Threats, Fifth Edition
2016cited by this paper
Motivations of employees' knowledge sharing behaviors: A self-determination perspective
2015cited by this paper
Personality, attitudes, and intentions: Predicting initial adoption of information security behavior
2015cited by this paper
Information security conscious care behaviour formation in organizations
2015cited by this paper
A good thing isn’t always a good thing: Dispositional attitudes predict non-normative judgments
2015cited by this paper
Communion-orientation as an antidote for aggressive behaviour among high provocation sensitive individuals
2015cited by this paper
Information disclosure on social networking sites: An intrinsic-extrinsic motivation perspective
2015cited by this paper
Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders
2014cited by this paper
Employees' adherence to information security policies: An exploratory field study
2014cited by this paper
Analysis of Insiders Attack Mitigation Strategies
2014cited by this paper
A Path to Successful Management of Employee Security Compliance: An Empirical Study of Information Security Climate
2014cited by this paper
Protecting organizational competitive advantage: A knowledge leakage perspective
2014cited by this paper
Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition
2014influential reference
Don't make excuses! Discouraging neutralization to reduce IT policy violation
2013cited by this paper
A conceptual opportunity-based framework to mitigate the insider threat
2013cited by this paper
The economic impact of cyber terrorism
2013cited by this paper
Insider Threat Program Best Practices
2013cited by this paper
Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory
2013influential reference
Taxonomy of compliant information security behavior
2012cited by this paper
Specification, evaluation, and interpretation of structural equation models
2012cited by this paper
Information systems user security: A structured model of the knowing-doing gap
2012cited by this paper
Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory
2012cited by this paper
A study on the structure of the Chinese information policy domain framework
2012cited by this paper
Minimizing insider misuse through secure Identity Management
2012cited by this paper
Affect, cognition and reward: Predictors of privacy protection online
2012cited by this paper
Proactive Insider Threat Detection through Graph Learning and Psychological Context
2012cited by this paper
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
2011cited by this paper
Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies
2011influential reference
Specification, evaluation, and interpretation of structural equation models
2011cited by this paper
An Integrative Model for Knowledge Sharing in Communities-of-Practice
2011cited by this paper
Social and interactional practices for disseminating current awareness information in an organisational setting
2010cited by this paper
Neutralization: New Insights into the Problem of Employee Systems Security Policy Violations
2010cited by this paper
Insider Threat and Information Security Management
2010cited by this paper
Assessing insider threats to information security using technical, behavioural and organisational measures
2010cited by this paper
Understanding compliance with internet use policy from the perspective of rational choice theory
2010influential reference
An impressionistic mapping of information behavior with special attention to contexts, rationality, and ignorance
2009cited by this paper
Deciding what's right: The role of external sanctions and embarrassment in shaping moral judgments in the workplace
2008cited by this paper
The Interaction of Work Stressors and Organizational Sanctions on Cyberloafing
2008cited by this paper
Handbook of Univariate and Multivariate Data Analysis and Interpretation with SPSS
2006cited by this paper
Understanding the perpetration of employee computer crime in the organisational context
2006cited by this paper
Situational Crime Prevention and Cyber-crime investigation: the Online Pedo-pornography case study
2005cited by this paper
Using Situational Crime Prevention Theory to Explain the Effectiveness of Information Systems Security
2005cited by this paper
The insider threat to information systems and the effectiveness of ISO17799
2005cited by this paper
The Social Side of Sanctions: Personal and Social Norms as Moderators of Deterrence
2004cited by this paper
The theory of planned behavior
1991cited by this paper
Prevention of Crime and Delinquency
1986cited by this paper
Prediction of goal directed behaviour: Attitudes, intentions and perceived behavioural control
1986cited by this paper
Multivariate data analysis
1972influential reference
International Journal of Information Management the Effects of Individual Motivations and Social Capital on Employees' Tacit and Explicit Knowledge Sharing Intentions
year unknowncited by this paper

CITED BY

Integrating Human Factors into Insider Threat Detection – A Systematic Review
2026cites this paper
Machine learning solutions with deep multilayer exogenous networks for distributed denial of service attacks model on networked resources in critical infrastructure
2026cites this paper
Beyond the direct impact of sanctions and subjective norms in cybersecurity
2025cites this paper
Unveiling Insider Threats in South Korean Companies: Causes and Countermeasures Through Convenience Theory and Perceived Punishment
2025cites this paper
A structured review of insider cybersecurity behaviour studies
2025influential citation
Adapting Insider Risk mitigations for Agentic Misalignment: an empirical study
2025influential citation
Exploring information security compliant behaviors in healthcare Knowledge Process Outsourcing (KPOs)
2025cites this paper
Assessing Information Security Awareness for a Tailored Intervention Program: A Study of Employees at Ifugao State University, Cordillera Administrative Region, Philippines
2025cites this paper
Securing E-governance: a blockchain-based framework for tamper-proof PDF document exchange
2025cites this paper
SoK: The Psychology of Insider Threats
2025cites this paper
Boosting employee information security compliance: the contingent roles of task–technology and person–organization fits
2025influential citation
Securing the Future: Al-Driven Cybersecurity Solutions for Oil and Gas Industry
2025cites this paper
The Effect of Organizational Factors on the Mitigation of Information Security Insider Threats
2025cites this paper
An Edge-Computing-Based Integrated Framework for Network Traffic Analysis and Intrusion Detection to Enhance Cyber–Physical System Security in Industrial IoT
2025cites this paper
Promoting employees’ information security vigilance by enhancing awareness: the roles of organizational climate and deterrence measures
2025cites this paper
Gravitating towards technology-based emerging financial crime: A PRISMA-based systematic review
2025cites this paper
Information security education: a thematic trend analysis
2025cites this paper
The impact of Technology on Crime Detection and Prevention
2024cites this paper
An exploration of dark and light triad personality traits towards situational crime prevention and compliant information security behaviour
2024cites this paper
Information Security Culture: The Effect of Strategy, Technology, Organization, People and the Environment
2024influential citation
Using Situational Crime Prevention (SCP)-C3 cycle and common inventory of cybersecurity controls from ISO/IEC 27002:2022 to prevent cybercrimes
2024cites this paper
Critical Factors and Practices in Mitigating Cybercrimes within E-Government Services: A Rapid Review on Optimising Public Service Management
2024cites this paper
Organizational Environment, Protection Motives, Adoption of Machine Learning, and Cybersecurity Behavior
2024cites this paper
Insider threat mitigation: Systematic literature review
2024cites this paper
Questioning penalties and road safety Policies: Are they enough to deter risky motorcyclist Behavior?
2024cites this paper
What Do We Know About the Psychology of Insider Threats?
2024cites this paper
Securing Electronic Health Records from Insider Threats in Smart City Healthcare Cloud Using Machine Learning Approach
2024cites this paper
BWM Integrated VIKOR method using Neutrosophic fuzzy sets for cybersecurity risk assessment of connected and autonomous vehicles
2024cites this paper
Organizations' readiness for insider attacks: A process‐oriented approach
2024cites this paper
M-EOS: modified-equilibrium optimization-based stacked CNN for insider threat detection
2024cites this paper
A Review of the Insider Threat, a Practitioner Perspective Within the U.K. Financial Services
2024influential citation
A Situation Based Predictive Approach for Cybersecurity Intrusion Detection and Prevention Using Machine Learning and Deep Learning Algorithms in Wireless Sensor Networks of Industry 4.0
2024cites this paper
IT Risk Management: Towards a System for Enhancing Objectivity in Asset Valuation That Engenders a Security Culture
2024cites this paper
Online abuse: a systematic literature review and future research agenda
2024cites this paper
A method for insider threat assessment by modeling the internal employee interactions
2023cites this paper
The Role of e-Governance in Improving Local Governments Performance (Case Study: Sumbawa Regency)
2023cites this paper
Developing Chatbots for Cyber Security: Assessing Threats through Sentiment Analysis on Social Media
2023cites this paper
Employees’ BYOD Security Policy Compliance in the Public Sector
2023cites this paper
Implementing Snort Intrusion Prevention System (IPS) for Network Forensic Analysis
2023cites this paper
Male and female students: who are more likely to be involved in risky riding behaviours and which are influencing factors?
2023cites this paper
Insider threats among Dutch SMEs: Nature and extent of incidents, and cyber security measures
2023cites this paper
Predicting Insider Breaches Using Employee Reviews
2023cites this paper
The impact of an employee’s psychological contract breach on compliance with information security policies: intrinsic and extrinsic motivation
2023influential citation
Fostering information security policies compliance with ISA-95-based framework: an empirical study of oil and gas employees
2023cites this paper
Knowledge and Perceived Security as Driven The Continuance Use of Mobile Fintech Payments
2023cites this paper
Bring Your Own Device Information Security Policy Compliance Framework: A Systematic Literature Review and Bibliometric Analysis (2017–2022)
2022cites this paper
Employees' Compliance with ISP: A Socio-Technical Conceptual Model
2022cites this paper
Situational Crime Prevention (SCP) techniques to prevent and control cybercrimes: A focused systematic review
2022cites this paper
The determinants of an information security policy compliance culture in organisations: the combined effects of organisational and behavioural factors
2022cites this paper
Investigation of information security policy violations among oil and gas employees: A security-related stress and avoidance coping perspective
2022cites this paper
Employees' intentions toward complying with information security controls in Saudi Arabia's public organisations
2022cites this paper
Procedural Information Security Countermeasure Awareness and Cybersecurity Protection Motivation in Enhancing Employee’s Cybersecurity Protective Behaviour
2022cites this paper
Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review
2022cites this paper
Determinants of Information Security Awareness and Behaviour Strategies in Public Sector Organizations among Employees
2022influential citation
Understanding the effects of situational crime prevention and personality factors on insider compliance
2022cites this paper
A review for insider threats detection using machine learning
2022cites this paper
The Effect of IS Value Dissimilarity According to IS Task Complexity and Competitive Climate within the Organization
2022cites this paper
Information Security Behavior and Information Security Policy Compliance: A Systematic Literature Review for Identifying the Transformation Process from Noncompliance to Compliance
2021cites this paper
Analysis of Differences in Information Security Compliance according to Individual Coping and Organizational Homogeneity Culture
2021influential citation
The Effect of Organizational Information Security Climate on Information Security Policy Compliance: The Mediating Effect of Social Bonding towards Healthcare Nurses
2021cites this paper
Management Research and Practice
2021cites this paper
A Study on the Relationship between Usability of GUIs and Power Consumption of a PC: The Case of PHRs
2021cites this paper
A study on the Effects of Organization Justice and Organization Trust on Mitigation of Techno-stress Related to Information Security
2021cites this paper
Towards protecting organisations’ data by preventing data theft by malicious insiders
2021cites this paper
Personality trait of conscientiousness impact on tacit knowledge sharing: the mediating effect of eagerness and subjective norm
2021cites this paper
A model of digital identity for better information security in e-learning systems
2021cites this paper
INTRODUCING A NOVEL INTEGRATED MODEL FOR THE ADOPTION OF INFORMATION SECURITY AWARENESS THROUGH CONTROL, PREDICTION, MOTIVATION, AND DETERRENCE FACTORS: A PILOT STUDY
2021cites this paper
Examining attitudes towards cybersecurity compliance through the lens of the psychological contract
2021cites this paper
Sustainable Information Security Behavior Management: An Empirical Approach for the Causes of Employees’ Voice Behavior
2021cites this paper
A guiding framework for enhancing database security in state-owned universities in Zimbabwe
2021cites this paper
Prevention of crime by criminal law and operational-search means
2021cites this paper
A Configurational Analysis of the Causes of Consumer Indirect Misbehaviors in Access-Based Consumption
2020cites this paper
A meta-analysis of the deterrence theory in security-compliant and security-risk behaviors
2020cites this paper
Evaluating the Effectiveness of Deterrence Theory in Information Security Compliance
2020cites this paper
The Role of Human Resource Management in Enhancing Organizational Information Systems Security
2020cites this paper
Towards a Student Security Compliance Model (SSCM)
2020cites this paper
Analysis of hidden Markov model learning algorithms for the detection and prediction of multi-stage network attacks
2020cites this paper
Applying attitude-behaviour models to mitigate insider cyber threats
2020cites this paper
Dynamic Model for Evaluating Information Systems Security by System Dynamics Modeling
2020cites this paper
Toward a stage theory of the development of employees' information security behavior
2020cites this paper
Factors Influencing Information Security Policy Compliance Behavior
2020cites this paper
Development and Validation of a Classified Information Assurance Scale for Institutions of Higher Learning
2020cites this paper
Affecting Factors in Information Security Policy Compliance: Combine Organisational Factors and User Habits
2020cites this paper
A Study on the Mitigation of Information Security Avoid Behavior: From Goal Setting, Justice, Trust perspective
2020cites this paper
Privacy Enhancing Technologies (PETs) for connected vehicles in smart cities
2020cites this paper
The influence of hardiness and habit on security behaviour intention
2020cites this paper
A Study on Mitigation of Information Security Related Work Stress
2020cites this paper
Security Requirements Engineering Framework with BPMN 2.0.2 Extension Model for Development of Information Systems
2020cites this paper
Ensemble Adaboost classifier for accurate and fast detection of botnet attacks in connected vehicles
2020influential citation
Factors Influencing Information Security Policy Compliance Behavior
2019cites this paper
Issues and Trends in Information Security Policy Compliance
2019cites this paper
AIS Electronic Library (AISeL) AIS Electronic Library (AISeL)
year unknowninfluential citation
EURASIAN JOURNAL OF SOCIAL SCIENCES
year unknowncites this paper