Search results for "Deterrence"

Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures

2020

A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies using this theory have produced mixed results. Past research has indicated that cultural differences may be one reason for these inconsistent findings and have hence called for cross-cultural research on deterrence in information security. To address this gap, we formulated a model including deterrence, moral beliefs, shame, and neutralization techniques and tested it with the employees from 48 countries working for a large multinational company. peerReviewed

Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions

2022

In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the field of criminology to explain information security behaviors (or intention). Today, DT is among the most commonly used theories in IS security research. Our review of IS research applying DT highlights that many fundamental assumptions of DT are unrecognized and therefore unexamined. This may have resulted in misunderstandings and conceptual confusions regarding some of the basic concepts of DT. For example, some IS studies confuse general deterrence with specific deterrence or do not recognize the difference between the two. Moreover, these fundamental assumptions, when directly examined, may provide importan…

The Cumulative Cyber Deterrence

2022

The cumulative cyber deterrence can be seen as a concept in which increasing the weight of different means and their use increases the deterrent effect on a common level or on selected adversaries. Cumulative cyber deterrence may include all traditional options of deterrence, and can be active or passive. Active deterrence can be characterized as targeting specific threats and actors, as a deterrent consisting of several different methods, while passive deterrence is a form of deterrence commonly targeted at all the potential adversaries. The cumulative cyber deterrence can be an independent type of deterrence or part of a state’s overall deterrence. This paper approaches the concept of cum…

Cyber deterrence and Russia’s active cyber defense

2020

Exploring determinants of different information security behaviors

2016

Aim: The aim was to introduce new explanatory construct, namely illegitimate tasks from Stress-as-Offense-to-Self Theory (SOS), to better understand information security behavior (ISB). In addition, more commonly used constructs from Deterrence theory (DT) and Protection Motivation Theory (PMT) were used to explain ISB. This study also investigated several behaviors separately to evaluate the generalizability of the behavioral determinants. Methods: Four ISBs, namely general ISP compliance (ISP), not copying sensitive information to the unsecured USB drive (USB), locking or logging out from the computer (LOG), and not writing down passwords (PSW). Formal and informal sanctions from DT, thre…

Understanding Crowdturfing : The Different Ethical Logics Behind the Clandestine Industry of Deception

2017

Crowdturfing, the dark side and usually unnoticed face of crowdsourcing, represents a form of cyber-deception in which workers are paid to express a false digital impression. While such behavior may not be punishable under the jurisdiction of formal law, its consequences are destructive to the cohesion and trustworthiness of online information. The conceptual work at hand examines the current literature on the topic, and lays the foundation for a theoretical framework that explains crowdturfing behavior. We discuss crowdturfing through three ethical normative approaches: traditional philosophical ethics, business ethics, and codified rules. We apply these lenses to an illustrative example o…