Manchester Metropolitan University logo
e-space
Manchester Metropolitan University's Research Repository

    Deterrence and prevention-based model to mitigate information security insider threats in organisations

    Safa, Nader Sohrabi, Maple, Carsten, Furnell, Steve, Azad, Muhammad Ajmal, Perera, Charith, Dabbagh, Mohammad and Sookhak, Mehdi (2019) Deterrence and prevention-based model to mitigate information security insider threats in organisations. Future Generation Computer Systems, 97. pp. 587-597. ISSN 0167-739X

    [img]
    Preview
    		 Accepted Version
    Available under License Creative Commons Attribution Non-commercial No Derivatives.
    Download (869kB) | Preview

    Abstract

    Previous studies show that information security breaches and privacy violations are important issues for organisations and people. It is acknowledged that decreasing the risk in this domain requires consideration of the technological aspects of information security alongside human aspects. Employees intentionally or unintentionally account for a significant portion of the threats to information assets in organisations. This research presents a novel conceptual framework to mitigate the risk of insiders using deterrence and prevention approaches. Deterrence factors discourage employees from engaging in information security misbehaviour in organisations, and situational crime prevention factors encourage them to prevent information security misconduct. Our findings show that perceived sanctions certainty and severity significantly influence individuals’ attitudes and deter them from information security misconduct. In addition, the output revealed that increasing the effort, risk and reducing the reward (benefits of crime) influence the employees’ attitudes towards prevent information security misbehaviour. However, removing excuses and reducing provocations do not significantly influence individuals’ attitudes towards prevent information security misconduct. Finally, the output of the data analysis also showed that subjective norms, perceived behavioural control and attitude influence individuals’ intentions, and, ultimately, their behaviour towards avoiding information security misbehaviour.

    Item Type: Article (Article)
    Peer-reviewed: Yes
    Date Deposited: 22 Nov 2023 16:15
    Publisher: Elsevier
    Additional Information: © 2019. This manuscript version is made available under the CC-BY-NC-ND 4.0 license https://creativecommons.org/licenses/by-nc-nd/4.0/(opens in new tab/window)
    Divisions: Faculties > Science and Engineering
    Subject terms: 0803 Computer Software, 0805 Distributed Computing, 0806 Information Systems, Distributed Computing
    URI: https://e-space.mmu.ac.uk/id/eprint/633272
    DOI: https://doi.org/10.1016/j.future.2019.03.024
    ISSN 0167-739X

    Impact and Reach

    Statistics

    DownloadsShow export options
    Activity Overview
    6 month trend
    47Downloads
    6 month trend
    17Hits

    Additional statistics for this dataset are available via IRStats2.

    Altmetric

    Repository staff only

    Edit record Edit record