Dustin Ormond - Academia.edu

Papers by Dustin Ormond

The Impact of Affective Flow on Information Security Policy Compliance

Information system security literature has primarily focused on cognitive processes and their impact on information security policy noncompliance behavior. Specific cognitive theories that have been applied include planned behavior, rational choice, deterrence, neutralization, and protection motivation. However, affective processes may better determine misuse or information security policy noncompliance than cognitive processes. The purpose of this dissertation is to evaluate the impact of affective absorption (i.e. the trait or disposition to become deeply involved with one’s emotions) and affective flow (i.e. a state of deep involvement with one’s emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. In essence, individuals with high levels of negative affective absorption may be more prone to experience negative affective flow which may lead to deviant behavior such as misuse of organizational information or noncompl...

The BlueBox Practicum: Integrating Technology, Culture, and Academic Service-Learning

Jesuit Higher Education: A Journal, 2019

Advancing education in marginalized communities has been more difficult compared to more privileged communities due to the lack of infrastructure, which in part results in an absence of educational materials. The BlueBox Project was created to minimize this divide by bringing a wealth of information to these communities. Using a small digital computer, faculty, staff, and students across many disciplines built the BlueBox, a standalone digital library which hosts an array of books, articles, educational games, and videos to inspire learning in a variety of subjects including science, technology, math, music, and literature. The BlueBox is powered by solar energy, battery, or power outlets and is accessible without the need for Internet access. An academic service-learning practicum course was developed as part of The BlueBox Project to enhance students’ discipline-specific knowledge and create a dialogue surrounding development, poverty, culture, social injustice, and service. This i...

Warning! A Comprehensive Model of the Effects of Digital Information Security Warning Messages

Despite existing countermeasures to combat malicious actions, users are the last line of defense to protect personal and organizational assets. Given that users often ignore warning messages that motivate compliant behavior, the issue of protecting personal and organizational assets is exacerbated. Messages that are largely ignored cannot have any impact on attitudes, motivation, or behavior. Therefore, crafting messages that increase attention and comprehension regarding specific threats and ways to cope with these threats is vital. This research combines the communication-human information processing (C-HIP) model with protection motivation theory (PMT) to assess how warning message content affects adherence especially when users pay attention to the content of the warning message. In essence, this study considers a holistic view of examining the channel (warning message), attention, comprehension and their influence on attitudes and beliefs, motivation, and behavior. Additionally, we propose including alternative courses of action in digital warning messages to increase secure attitudes, beliefs, and behavior. We test this holistic model through a series of field and lab experiments to evaluate message comprehension, attitudes, and beliefs and capture actual attention and secure behavior. [http://ifip.byu.edu/ifip2015.html Paper download]

That's interesting: An examination of interest theory and self‐determination in organisational cybersecurity training

Information Systems Journal, 2021

Eating the Forbidden Fruit: Human Curiosity Entices Data Breaches

Data breaches across various industries infer that human curiosity has a powerful influence on information security behaviors. Drawing on Human Curiosity Theory, this study seeks to determine the impact that human curiosity has on information security policy violations despite the existence of training programs to increase information security awareness, the sanctions for violating information system policies, and the costs far exceeding the benefits associated with an information security violation. This study explores how human curiosity leads to data breaches by focusing on the innate desire of knowledge acquisition and the aversive emotional state resulting from knowledge deprivation. This leads to the two main objectives of this study: (1) identify and propose security countermeasures to curb insider curiosity and prevent data breaches and (2) present how Human Curiosity Theory challenges the notions of both General Deterrence Theory and Rational Choice Theory.

Using Accountability Theory to Determine How Curiosity Affects Policy Compliance

Insider abuse is one of the most dangerous issues facing information security professionals due to employees’ existing authorization within organizational systems and knowledge of critical data structures housing confidential information. Although prior research has examined ways to mitigate access policy violations through the implementation of accountability artifacts within systems, employees may still be motivated to violate policies due to their innate curiosity about information that has been withheld from their knowledge. In this paper, we discuss how curiosity may impact the previously demonstrated effects of accountability features on intention to violate policies. We propose a factorial survey design to explore the interaction of curiosity and accountability in determining employees’ intentions to violate data access policies.

Ethical Hacking: Addressing the Critical Shortage of Cybersecurity Talent

Foreign nations have increased their efforts in testing the strength and exposing system vulnerabilities of the cybersecurity critical infrastructure of the countries with western principles and alliances. Even more alarming is the shortage of cybersecurity talent in both private and public sectors to combat these efforts. To ensure the nation has an adequate talent pool for defending its critical information assets, cybersecurity skills should be cultivated among citizens by encouraging them to pursue cybersecurity education in universities and colleges. However, a substantial hurdle is the challenging, complex, and technical nature of cybersecurity, which requires a lot of diligence. This study draws on Flow Theory and Self-Determination Theory to propose a solution/framework to attract individuals to the field of cybersecurity to bolster the talent pool of available cybersecurity experts.

Cultivating cybersecurity learning: An integration of self-determination and flow

Computers & Security, 2020

Because there is a critical shortage of cybersecurity talent, information security professionals and researchers should cultivate cybersecurity skills by encouraging individuals to pursue cybersecurity learning. However, some aspects of cybersecurity require substantial effort and perseverance for conceptual understanding to be gained. We propose motivation as the key to ensuring continuous engagement with and successful learning of such cybersecurity concepts. With a lab-based training program that taught participants about SQL injection attacks, we tested a research model that integrated flow theory and self-determination theory. Within the training program, we captured participants’ persistence in attempting and successfully completing the training exercises while also measuring their perceptions of motivation and flow. We found that flow facilitated motivation and its key antecedents. Flow and task significance had the strongest effects on motivation, while motivation fostered learning persistence and performance. We recommend training programs that maximize flow and task significance.

Integrating Cognition with an Affective Lens to Better Understand Information Security Policy Compliance

Journal of the Association for Information Systems, 2019

Information systems security behavioral research has primarily focused on individual cognitive processes and their impact on information security policy noncompliance. However, affective processes (operationalized by affective absorption and affective flow) may also significantly contribute to misuse or information security policy noncompliance. Our research study evaluated the impact of affective absorption (i.e., the trait or disposition to allow one's emotions to drive decision-making) and affective flow (i.e., a state of immersion with one's emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. Our conceptual model was evaluated using a laboratory research design. We found that individuals who were frustrated by work-related tasks experienced negative affective flow and violated information security policies. Furthermore, perceptions of organizational injustice increased negative affective flow. Our findings underscore the need for understanding affective processes as well as cognitive processes which may lead to a more holistic understanding regarding information security policy compliance.

Don’t Even Think About It! The Effects of Antineutralization, Informational, and Normative Communication on Information Security Compliance

Journal of the Association for Information Systems, 2018

Organizations use security education, training, and awareness (SETA) programs to counter internal security threats and promote compliance with information security policies. Yet, employees often use neutralization techniques to rationalize noncompliant behavior. We investigated three theory-based communication approaches that can be incorporated into SETA programs to help increase compliance behavior: (1) informational communication designed to explain why policies are important; (2) normative communication designed to explain that other employees would not violate policies; and (3) antineutralization communication designed to inhibit rationalization. We conducted a repeated measures factorial design survey using a survey panel of full-time working adults provided by Qualtrics. Participants received a SETA communication with a combination of one to three persuasion statements (informational influence, normative influence statement, and/or an antineutralization), followed by a scenario description that asked for their intentions to comply with the security policy. We found that both informational (weakly) and antineutralization communication (strongly) decreased violation intentions, but that normative communication had no effect. In scenarios where neutralizations were explicitly suggested to participants, antineutralization communication was the only approach that worked. Our findings suggest that we need more research on SETA techniques that include antineutralization communication to understand how it influences behavior beyond informational and normative communication.

Teaching Social Media in Business

Journal of Information Technology Education: Innovations in Practice, 2015

The ways people connect, interact, share, and communicate have changed due to recent developments in information technology. These developments, categorized as social media, have captured the attention of business executives, technologists, and education professionals alike, and have altered many business models. Additionally, the concept of social media impacts numerous sub-disciplines within business and has become an important issue with operational, tactical, and strategic considerations. Despite this interest, many business schools do not have courses involving social media technologies and applications. In those that do, the placement and focus of the course varies considerably. This article provides motivation and insight into the process of developing an approach for effectively teaching social media use in business. Additionally, it offers implementation examples of courses taught at three major universities. The article concludes with lessons-learned that will give instruc...

The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats

Information Systems Frontiers, 2017

Individuals can perform many different behaviors to protect themselves from computer security threats. Research, however, generally explores computer security behaviors in isolation, typically looking at one behavior per study, such as usage of malware or strong passwords. However, defense in depth requires that multiple behaviors be performed concurrently for one's computer to be protected. Addressing this gap in prior research, this study measures 279 individuals' computer security behaviors and analyzes them with multi-dimensional scaling. We examined three security threats: security related performance degradation, identity theft, and data loss. The results present a mapping of security behaviors performed together with other behaviors on two dimensions for each of these threats. Using expert reviews of the resulting dimensions, the study proposes that response efficacy and response cost help explain why people perform certain behaviors together. These findings can help explain inconsistent results in prior information security research because they focused on one behavior only whereas people perform various security behaviors together in an effort to mitigate specific security threats. The study informs research and practice by identifying security threat-response pairs via expert interviews, surveying individuals on how they perform multiple security behaviors concurrently to mitigate security threats, identifying why certain behaviors are performed together, and using these findings to identify reasons why IS security research has confounding results based on specific individual threat-response pairs used in prior studies.

Perceived deception: Evaluating source credibility and self-efficacy

Journal of Information Privacy and Security, 2016

Detecting scareware messages that seek to deceive users with fear-inducing words and images is critical to protect users from sharing their identity information, money, and/or time with bad actors. Through a scenario-based experiment, the present study evaluated factors that aid users in perceiving deceptive communications. An online experiment was administered yielding 213 usable responses. The data from the study indicate high levels of deception detection self-efficacy and source trustworthiness increase the likelihood an individual will perceive a scareware message as deceptive. Additionally, technology awareness enhances self-efficacy to detect deception and reduces individual perceptions of source trustworthiness. Finally, the data significantly illustrate behavioral intention to use scareware is lower when the message is perceived as deceptive.

Is this a Joke? The Impact of Message Manipulations on Risk Perceptions

Journal of Computer Information Systems, 2015

As we are continually confronted with increasingly sophisticated electronic messages, distinguishing messages that are valid from irrelevant, malicious, or otherwise undeserving of the recipient's attention has become an extremely important task. The present study leverages the lens of information manipulation theory (IMT) to analyze the impact of perceived message quality and quantity on perceived source competence and message honesty, and their subsequent impact on perceived risk, which is an individual's assessment of the potential harm that could result from accepting a deceitful message as valid. We administered phishing scenarios to subjects and evaluated their responses to survey items related to the given scenario. The data indicate that perceived message honesty, third-party support, and technology anxiety influence risk perceptions of a message. In addition, message quality, as defined by IMT, strongly influences individual perceptions of honesty.

Don’t make excuses! Framing IT security training to reduce policy violation

Message quality and quantity manipulations and their effects on perceived risk

Don't make excuses! Discouraging neutralization to reduce IT policy violation

Computers & Security, 2013

Past research on information technology (IT) security training and awareness has focused on informing employees about security policies and formal sanctions for violating those policies. However, research suggests that deterrent sanctions may not be the most powerful influencer of employee violations. Often, employees use rationalizations, termed neutralization techniques, to overcome the effects of deterrence when deciding whether or not to violate a policy. Therefore, neutralization techniques often are stronger than sanctions in predicting employee behavior. For this study, we examine "denial of injury," "metaphor of the ledger," and "defense of necessity" as relevant justifications for violating password policies that are commonly used in organizations as used in (Siponen and Vance, 2010). Initial research on neutralization in IS security has shown that results are consistent regardless of which type of neutralization is considered (Siponen and Vance, 2010). In this study, we investigate whether IT security communication focused on mitigating neutralization, rather than deterrent sanctions, can reduce intentions to violate security policies. Additionally, considering the effects of message framing in persuading individuals against security policy violations are largely unexamined, we predict that negatively-framed communication will be more persuasive than positively-framed communication. We test our hypotheses using the factorial survey method. Our results suggest that security communication and training that focuses on neutralization techniques is just as effective as communication that focuses on deterrent sanctions in persuading employees not to violate policies, and that both types of framing are equally effective.

Exploratory study on users’ behavior: Smartphone usage

Communication technologies have advanced at unprecedented rates each year. Together with these advances in technology, the Smartphone has emerged and has experienced a dramatic increase in worldwide use. In fact, Smartphones have become the “all-in-one” device or the “Swiss army knife” as they provide mobile access to voice, video, data, and image communications. Even though Smartphones have brought many challenges, the advantages appear to far outweigh the disadvantages. The purpose of this ...

Perceived Deception: An Evaluation of Technology Awareness and Self-Efficacy

Detecting fake antivirus messages is important as these messages mislead users into unintentionally surrendering their identity, money, or time. The present study discusses factors which aid users in perceiving deceptive communications. In a pilot study, this study utilized a scenario to measure these factors. A pre-scenario and a post-scenario survey were administered to evaluate factors affecting perceived deception with 213 usable responses. The data from the pilot study support that technology awareness significantly ...

Research paper thumbnail of The Impact of Affective Flow on Information Security Policy Compliance

Information system security literature has primarily focused on cognitive processes and their imp... more Information system security literature has primarily focused on cognitive processes and their impact on information security policy noncompliance behavior. Specific cognitive theories that have been applied include planned behavior, rational choice, deterrence, neutralization, and protection motivation. However, affective processes may better determine misuse or information security policy noncompliance than cognitive processes. The purpose of this dissertation is to evaluate the impact of affective absorption (i.e. the trait or disposition to become deeply involved with one’s emotions) and affective flow (i.e. a state of deep involvement with one’s emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. In essence, individuals with high levels of negative affective absorption may be more prone to experience negative affective flow which may lead to deviant behavior such as misuse of organizational information or noncompl...

Research paper thumbnail of The BlueBox Practicum: Integrating Technology, Culture, and Academic Service-Learning

Jesuit Higher Education: A Journal, 2019

Advancing education in marginalized communities has been more difficult compared to more privileg... more Advancing education in marginalized communities has been more difficult compared to more privileged communities due to the lack of infrastructure, which in part results in an absence of educational materials. The BlueBox Project was created to minimize this divide by bringing a wealth of information to these communities. Using a small digital computer, faculty, staff, and students across many disciplines built the BlueBox, a standalone digital library which hosts an array of books, articles, educational games, and videos to inspire learning in a variety of subjects including science, technology, math, music, and literature. The BlueBox is powered by solar energy, battery, or power outlets and is accessible without the need for Internet access. An academic service-learning practicum course was developed as part of The BlueBox Project to enhance students’ disciplinespecific knowledge and create a dialogue surrounding development, poverty, culture, social injustice, and service. This i...

Research paper thumbnail of Warning! A Comprehensive Model of the Effects of Digital Information Security Warning Messages

Despite existing countermeasures to combat malicious actions, users are the last line of defense ... more Despite existing countermeasures to combat malicious actions, users are the last line of defense to protect personal and organizational assets. Given that users often ignore warning messages that motivate compliant behavior, the issue of protecting personal and organizational assets is exacerbated. Messages that are largely ignored cannot have any impact on attitudes, motivation, or behavior. Therefore, crafting messages that increase attention and comprehension regarding specific threats and ways to cope with these threats is vital. This research combines the communication-human information processing (C-HIP) model with protection motivation theory (PMT) to assess how warning message content affects adherence especially when users pay attention to the content of the warning message. In essence, this study considers a holistic view of examining the channel (warning message), attention, comprehension and their influence on attitudes and beliefs, motivation, and behavior. Additionally, we propose including alternative courses of action in digital warning messages to increase secure attitudes, beliefs, and behavior. We test this holistic model through a series of field and lab experiments to evaluate message comprehension, attitudes, and beliefs and capture actual attention and secure behavior. [http://ifip.byu.edu/ifip2015.html Paper download]

Research paper thumbnail of That's interesting: An examination of interest theory and self‐determination in organisational cybersecurity training

Information Systems Journal, 2021

Research paper thumbnail of Eating the Forbidden Fruit: Human Curiosity Entices Data Breaches

Data breaches across various industries infer that human curiosity has a powerful influence on in... more Data breaches across various industries infer that human curiosity has a powerful influence on information security behaviors. Drawing on Human Curiosity Theory, this study seeks to determine the impact that human curiosity has on information security policy violations despite the existence of training programs to increase information security awareness, the sanctions for violating information system policies, and the costs far exceeding the benefits associated with an information security violation. This study explores how human curiosity leads to data breaches by focusing on the innate desire of knowledge acquisition and the aversive emotional state resulting from knowledge deprivation. This leads to the two main objectives of this study: (1) identify and propose security countermeasures to curb insider curiosity and prevent data breaches and (2) present how Human Curiosity Theory challenges the notions of both General Deterrence Theory and Rational Choice Theory.

Research paper thumbnail of Using Accountability Theory to Determine How Curiosity Affects Policy Compliance

Insider abuse is one of the most dangerous issues facing information security professionals due t... more Insider abuse is one of the most dangerous issues facing information security professionals due to employees’ existing authorization within organizational systems and knowledge of critical data structures housing confidential information. Although prior research has examined ways to mitigate access policy violations through the implementation of accountability artifacts within systems, employees may still be motivated to violate policies due to their innate curiosity about information that has been withheld from their knowledge. In this paper, we discuss how curiosity may impact the previously demonstrated effects of accountability features on intention to violate policies. We propose a factorial survey design to explore the interaction of curiosity and accountability in determining employees’ intentions to violate data access policies

Research paper thumbnail of Ethical Hacking: Addressing the Critical Shortage of Cybersecurity Talent

Foreign nations have increased their efforts in testing the strength and exposing system vulnerab... more Foreign nations have increased their efforts in testing the strength and exposing system vulnerabilities of the cybersecurity critical infrastructure of the countries’ with western principles and alliances. Even more alarming is the shortage of cybersecurity talent in both private and public sectors to combat these efforts. To ensure the nation has an adequate talent pool for defending its critical information assets, cybersecurity skills should be cultivated among citizens by encouraging them to pursue cybersecurity education in universities and colleges. However, a substantial hurdle is the challenging, complex, and technical nature of cybersecurity, which requires a lot of diligence. This study draws on Flow Theory and Self-Determination Theory to propose a solution/framework to attract individuals to the field of cybersecurity to bolster the talent pool of available cybersecurity experts

Research paper thumbnail of Cultivating cybersecurity learning: An integration of self-determination and flow

Computers & Security, 2020

Abstract Because there is a critical shortage of cybersecurity talent, information security profe... more Abstract Because there is a critical shortage of cybersecurity talent, information security professionals and researchers should cultivate cybersecurity skills by encouraging individuals to pursue cybersecurity learning. However, some aspects of cybersecurity require substantial effort and perseverance for conceptual understanding to be gained. We propose motivation as the key to ensuring continuous engagement with and successful learning of such cybersecurity concepts. With a lab-based training program that taught participants about SQL injection attacks, we tested a research model that integrated flow theory and self-determination theory. Within the training program, we captured participants’ persistence in attempting and successfully completing the training exercises while also measuring their perceptions of motivation and flow. We found that flow facilitated motivation and its key antecedents. Flow and task significance had the strongest effects on motivation, while motivation fostered learning persistence and performance. We recommend training programs that maximize flow and task significance.

Research paper thumbnail of Integrating Cognition with an Affective Lens to Better Understand Information Security Policy Compliance

Journal of the Association for Information Systems, 2019

Information systems security behavioral research has primarily focused on individual cognitive pr... more Information systems security behavioral research has primarily focused on individual cognitive processes and their impact on information security policy noncompliance. However, affective processes (operationalized by affective absorption and affective flow) may also significantly contribute to misuse or information security policy noncompliance. Our research study evaluated the impact of affective absorption (i.e., the trait or disposition to allow one's emotions to drive decisionmaking) and affective flow (i.e., a state of immersion with one's emotions) on cognitive processes in the context of attitude toward and compliance with information security policies. Our conceptual model was evaluated using a laboratory research design. We found that individuals who were frustrated by work-related tasks experienced negative affective flow and violated information security policies. Furthermore, perceptions of organizational injustice increased negative affective flow. Our findings underscore the need for understanding affective processes as well as cognitive processes which may lead to a more holistic understanding regarding information security policy compliance.

Don’t Even Think About It! The Effects of Antineutralization, Informational, and Normative Communication on Information Security Compliance

Journal of the Association for Information Systems, 2018

Organizations use security education, training, and awareness (SETA) programs to counter internal security threats and promote compliance with information security policies. Yet, employees often use neutralization techniques to rationalize noncompliant behavior. We investigated three theory-based communication approaches that can be incorporated into SETA programs to help increase compliance behavior: (1) informational communication designed to explain why policies are important; (2) normative communication designed to explain that other employees would not violate policies; and (3) antineutralization communication designed to inhibit rationalization. We conducted a repeated measures factorial design survey using a survey panel of full-time working adults provided by Qualtrics. Participants received a SETA communication with a combination of one to three persuasion statements (informational influence, normative influence statement, and/or an antineutralization), followed by a scenario description that asked for their intentions to comply with the security policy. We found that both informational (weakly) and antineutralization communication (strongly) decreased violation intentions, but that normative communication had no effect. In scenarios where neutralizations were explicitly suggested to participants, antineutralization communication was the only approach that worked. Our findings suggest that we need more research on SETA techniques that include antineutralization communication to understand how it influences behavior beyond informational and normative communication.

Teaching Social Media in Business

Journal of Information Technology Education: Innovations in Practice, 2015

The ways people connect, interact, share, and communicate have changed due to recent developments in information technology. These developments, categorized as social media, have captured the attention of business executives, technologists, and education professionals alike, and have altered many business models. Additionally, the concept of social media impacts numerous sub-disciplines within business and has become an important issue with operational, tactical, and strategic considerations. Despite this interest, many business schools do not have courses involving social media technologies and applications. In those that do, the placement and focus of the course varies considerably. This article provides motivation and insight into the process of developing an approach for effectively teaching social media use in business. Additionally, it offers implementation examples of courses taught at three major universities. The article concludes with lessons-learned that will give instruc...

The quest for complete security: An empirical analysis of users’ multi-layered protection from security threats

Information Systems Frontiers, 2017

Individuals can perform many different behaviors to protect themselves from computer security threats. Research, however, generally explores computer security behaviors in isolation, typically looking at one behavior per study, such as usage of malware or strong passwords. However, defense in depth requires that multiple behaviors be performed concurrently for one's computer to be protected. Addressing this gap in prior research, this study measures 279 individuals' computer security behaviors and analyzes them with multi-dimensional scaling. We examined three security threats: security related performance degradation, identity theft, and data loss. The results present a mapping of security behaviors performed together with other behaviors on two dimensions for each of these threats. Using expert reviews of the resulting dimensions, the study proposes that response efficacy and response cost help explain why people perform certain behaviors together. These findings can help explain inconsistent results in prior information security research because they focused on one behavior only whereas people perform various security behaviors together in an effort to mitigate specific security threats. The study informs research and practice by identifying security threat-response pairs via expert interviews, surveying individuals on how they perform multiple security behaviors concurrently to mitigate security threats, identifying why certain behaviors are performed together, and using these findings to identify reasons why IS security research has confounding results based on specific individual threat-response pairs used in prior studies.

Perceived deception: Evaluating source credibility and self-efficacy

Journal of Information Privacy and Security, 2016

Detecting scareware messages that seek to deceive users with fear-inducing words and images is critical to protect users from sharing their identity information, money, and/or time with bad actors. Through a scenario-based experiment, the present study evaluated factors that aid users in perceiving deceptive communications. An online experiment was administered yielding 213 usable responses. The data from the study indicate high levels of deception detection self-efficacy and source trustworthiness increase the likelihood an individual will perceive a scareware message as deceptive. Additionally, technology awareness enhances self-efficacy to detect deception and reduces individual perceptions of source trustworthiness. Finally, the data significantly illustrate behavioral intention to use scareware is lower when the message is perceived as deceptive.

Is this a Joke? The Impact of Message Manipulations on Risk Perceptions

Journal of Computer Information Systems, 2015

As we are continually confronted with increasingly sophisticated electronic messages, distinguishing messages that are valid from irrelevant, malicious, or otherwise undeserving of the recipient's attention has become an extremely important task. The present study leverages the lens of information manipulation theory (IMT) to analyze the impact of perceived message quality and quantity on perceived source competence and message honesty, and their subsequent impact on perceived risk, which is an individual's assessment of the potential harm that could result from accepting a deceitful message as valid. We administered phishing scenarios to subjects and evaluated their responses to survey items related to the given scenario. The data indicate that perceived message honesty, third-party support, and technology anxiety influence risk perceptions of a message. In addition, message quality, as defined by IMT, strongly influences individual perceptions of honesty.

Don’t make excuses! Framing IT security training to reduce policy violation

Message quality and quantity manipulations and their effects on perceived risk

Don't make excuses! Discouraging neutralization to reduce IT policy violation

Computers & Security, 2013

Past research on information technology (IT) security training and awareness has focused on informing employees about security policies and formal sanctions for violating those policies. However, research suggests that deterrent sanctions may not be the most powerful influencer of employee violations. Often, employees use rationalizations, termed neutralization techniques, to overcome the effects of deterrence when deciding whether or not to violate a policy. Therefore, neutralization techniques often are stronger than sanctions in predicting employee behavior. For this study, we examine "denial of injury," "metaphor of the ledger," and "defense of necessity" as relevant justifications for violating password policies that are commonly used in organizations as used in (Siponen and Vance, 2010). Initial research on neutralization in IS security has shown that results are consistent regardless of which type of neutralization is considered (Siponen and Vance, 2010). In this study, we investigate whether IT security communication focused on mitigating neutralization, rather than deterrent sanctions, can reduce intentions to violate security policies. Additionally, considering the effects of message framing in persuading individuals against security policy violations are largely unexamined, we predict that negatively-framed communication will be more persuasive than positively-framed communication. We test our hypotheses using the factorial survey method. Our results suggest that security communication and training that focuses on neutralization techniques is just as effective as communication that focuses on deterrent sanctions in persuading employees not to violate policies, and that both types of framing are equally effective.

Exploratory study on users’ behavior: Smartphone usage

Communication technologies have advanced at unprecedented rates each year. Together with these advances in technology, the Smartphone has emerged and has experienced a dramatic increase in worldwide use. In fact, Smartphones have become the “all-in-one” device or the “Swiss army knife” as they provide mobile access to voice, video, data, and image communications. Even though Smartphones have brought many challenges, the advantages appear to far outweigh the disadvantages. The purpose of this ...

Perceived Deception: An Evaluation of Technology Awareness and Self-Efficacy

Detecting fake antivirus messages is important as these messages mislead users into unintentionally surrendering their identity, money, or time. The present study discusses factors which aid users in perceiving deceptive communications. In a pilot study, this study utilized a scenario to measure these factors. A pre-scenario and a post-scenario survey were administered to evaluate factors affecting perceived deception with 213 usable responses. The data from the pilot study support that technology awareness significantly ...