Does risk disposition play a role in influencing decisions to behave SECUREly?

Sanjay Goel, Merrill Warkentin, Kevin Williams, Karen Renaud

Research output: Contribution to conference › Paper › peer-review

Abstract

Employees continue to be the weakest link in an organizational security ecosystem, exposing organizational assets through carelessness, malicious threats, or apathy towards security policies. Security-related decision making is a complex process that is driven by an individual’s risk perception, self-efficacy, and their propensity to accept risks. Existing behavioral security research on user security behavior is rooted in models based on rational choice theory such as protection motivation theory and deterrence theory, both of which focus on using fear appeals and punishments to prompt desired security behavior. Recent research on human rationality suggests that security-related decision making is far more complex and nuanced, not a simple carrot-and-stick related process, and not necessarily grounded in rational reasoning. In reality, a combination of dispositional and situational factors is likely to interact to influence security decisions. In this paper we explore the role of one particular dispositional factor, individual risk acceptance vs. risk aversion. While not refuting the influence of other factors, we argue that this factor plays a key role in influencing security behaviors. We propose a model that depicts the impact of individual dispositional risk propensity and situational risk perception on employees' security-related decisions. We believe this model will lay a foundation for designing effective security compliance interventions.

Original language: English
Number of pages: 8
Publication status: Published - 7 Oct 2016
Event: 2016 Dewald Roode Workshop - New Mexico, United States
Duration: 7 Oct 2016 - 8 Oct 2016
https://www.ifiptc11.org/8-news/32-the-2016-dewald-roode-workshop-on-information-systems-security-research

Conference

Conference: 2016 Dewald Roode Workshop
Country/Territory: United States
City: New Mexico
Period: 7/10/16 - 8/10/16

Keywords

  • information security
  • risk disposition
  • risk tolerance
  • risk aversion
