Does risk disposition play a role in influencing decisions to behave SECUREly?

Goel, Sanjay and Warkentin, Merrill and Williams, Kevin and Renaud, Karen (2016) Does risk disposition play a role in influencing decisions to behave SECUREly? In: 2016 Dewald Roode Workshop, 2016-10-07 - 2016-10-08.

Preview

Text. Filename: Goel_etal_IFIP_2016_Does_risk_disposition_play_a_role_in_influencing.pdf Accepted Author Manuscript License: Strathprints license 1.0 Download (373kB)| Preview

Abstract

Employees continue to be the weakest link in an organizational security ecosystem, exposing organizational assets through carelessness, malicious threats, or apathy towards security policies. Security-related decision making is a complex process that is driven by an individual’s risk perception, self-efficacy, and their propensity to accept risks. Existing behavioral security re-search on user security behavior is rooted in models based on rational choice theory such as protection motivation theory and deterrence theory, both of which focus on using fear appeals and punishments to prompt desired security behavior. Recent research on human rationality suggests that security-related decision making is far more complex and nuanced, not a simple carrot-and-stick related process, and not necessarily grounded in rational reasoning. In reality, a combination of dispositional and situational factors is likely to interact to influence security decisions. In this paper we explore the role of one particular dispositional factor, individual risk acceptance vs. risk aversion. While not refuting the influence of other factors, we argue that this factor plays a key role in influencing security behaviors. We propose a model that depicts the impact of individual dispositional risk propensity and situational risk perception on employees' security-related decisions. We believe this model will lay a foundation for de-signing effective security compliance interventions.

ORCID iDs

Renaud, Karen ORCID: https://orcid.org/0000-0002-7187-6531

• Share and Export
  

  RDF+XMLBibTeXRIOXX2 XMLRDF+N-TriplesJSONDublin CoreAtomSimple MetadataReferMETSHTML CitationASCII CitationOpenURL ContextObjectEndNoteOpenURL ContextObject in SpanMODSMPEG-21 DIDLEP3 XMLData Cite XMLRIS (EndNote Online, Zotero, Ref manager, etc)RDF+N3Multiline CSV
• Item metadata

  Item type:	Conference or Workshop Item(Paper)
  ID code:	82818
  Dates:	Date Event 7 October 2016 Published
  Subjects:	Science > Mathematics > Computer software
  Department:	Faculty of Science > Computer and Information Sciences
  Depositing user:	Pure Administrator
  Date deposited:	18 Oct 2022 11:42
  Last modified:	11 Nov 2024 17:07
  Related URLs:	Event
  URI:	https://strathprints.strath.ac.uk/id/eprint/82818