IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v20y2009i1p79-98.html
   My bibliography  Save this article

User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Author

Listed:
  • John D'Arcy

    (Mendoza College of Business, University of Notre Dame, Notre Dame, Indiana 46556)

  • Anat Hovav

    (Korea University Business School, Seoul 136-701 Korea)

  • Dennis Galletta

    (Katz Graduate School of Business, University of Pittsburgh, Pittsburgh, Pennsylvania 15260)

Abstract

Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50%--75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one's level of morality. Implications for the research and practice of IS security are discussed.

Suggested Citation

  • John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
  • Handle: RePEc:inm:orisre:v:20:y:2009:i:1:p:79-98
    DOI: 10.1287/isre.1070.0160
    as

    Download full text from publisher

    File URL: http://dx.doi.org/10.1287/isre.1070.0160
    Download Restriction: no

    File URL: https://libkey.io/10.1287/isre.1070.0160?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Michael Workman & John Gathegi, 2007. "Punishment and ethics deterrents: A study of insider security contravention," Journal of the American Society for Information Science and Technology, Association for Information Science & Technology, vol. 58(2), pages 212-222, January.
    2. Jarvis, Cheryl Burke & MacKenzie, Scott B & Podsakoff, Philip M, 2003. "A Critical Review of Construct Indicators and Measurement Model Misspecification in Marketing and Consumer Research," Journal of Consumer Research, Journal of Consumer Research Inc., vol. 30(2), pages 199-218, September.
    3. Alm, James & McKee, Michael, 2006. "Audit Certainty, Audit Productivity, and Taxpayer Compliance," National Tax Journal, National Tax Association;National Tax Journal, vol. 59(4), pages 801-816, December.
    4. Michael D. Wybo & Detmar W. Straub Jr., 1989. "Protecting Organizational Information Resources," Information Resources Management Journal (IRMJ), IGI Global, vol. 2(4), pages 1-16, October.
    5. Armstrong, J. Scott & Overton, Terry S., 1977. "Estimating Nonresponse Bias in Mail Surveys," MPRA Paper 81694, University Library of Munich, Germany.
    6. Dubin, Jeffrey A. & Graetz, Michael J. & Wilde, Louis L., 1990. "The Effect of Audit Rates on the Federal Individual Income Tax, 1977-1986," National Tax Journal, National Tax Association, vol. 43(4), pages 395-409, December.
    7. Urs E. Gattiker & Helen Kelley, 1999. "Morality and Computers: Attitudes and Differences in Moral Judgments," Information Systems Research, INFORMS, vol. 10(3), pages 233-254, September.
    8. Dubin, Jeffrey A. & Graetz, Michael J. & Wilde, Louis L., 1990. "The Effect of Audit Rates on the Federal Individual Income Tax, 1977-1986," National Tax Journal, National Tax Association;National Tax Journal, vol. 43(4), pages 395-409, December.
    9. Detmar W. Straub, 1990. "Effective IS Security: An Empirical Study," Information Systems Research, INFORMS, vol. 1(3), pages 255-276, September.
    10. Naresh K. Malhotra & Sung S. Kim & Ashutosh Patil, 2006. "Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research," Management Science, INFORMS, vol. 52(12), pages 1865-1883, December.
    11. Wynne W. Chin & Barbara L. Marcolin & Peter R. Newsted, 2003. "A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/Adoption Study," Information Systems Research, INFORMS, vol. 14(2), pages 189-217, June.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kawai, Norifumi & Chung, Chul, 2019. "Expatriate utilization, subsidiary knowledge creation and performance: The moderating role of subsidiary strategic context," Journal of World Business, Elsevier, vol. 54(1), pages 24-36.
    2. Jean, Ruey-Jer “Bryan” & Kim, Daekwan & Cavusgil, Erin, 2020. "Antecedents and outcomes of digital platform risk for international new ventures’ internationalization," Journal of World Business, Elsevier, vol. 55(1).
    3. Alm, James & Jackson, Betty R. & McKee, Michael, 2009. "Getting the word out: Enforcement information dissemination and compliance behavior," Journal of Public Economics, Elsevier, vol. 93(3-4), pages 392-402, April.
    4. Phong Nguyen, Nguyen & Adomako, Samuel & Ahsan, Mujtaba, 2023. "The base-of- the-pyramid orientation and export performance of Vietnamese small and medium enterprises," Journal of Business Research, Elsevier, vol. 154(C).
    5. Ismael Barros-Contreras & Héctor Pérez-Fernández & Natalia Martín-Cruz & Juan Hernangómez B., 2023. "Can we make family social capital flourish? The moderating role of generational involvement," Journal of Family and Economic Issues, Springer, vol. 44(3), pages 655-673, September.
    6. Zhang, Man & Hartley, Janet L., 2018. "Guanxi, IT systems, and innovation capability: The moderating role of proactiveness," Journal of Business Research, Elsevier, vol. 90(C), pages 75-86.
    7. Jonathan Dörr & Thomas Wagner & Alexander Benlian & Thomas Hess, 2013. "Music as a Service as an Alternative to Music Piracy?," Business & Information Systems Engineering: The International Journal of WIRTSCHAFTSINFORMATIK, Springer;Gesellschaft für Informatik e.V. (GI), vol. 5(6), pages 383-396, December.
    8. Malte Brettel & Andreas Engelen & Thomas Müller & Oliver Schilke, 2011. "Distribution Channel Choice of New Entrepreneurial Ventures," Entrepreneurship Theory and Practice, , vol. 35(4), pages 683-708, July.
    9. Nambisan, Satish & Baron, Robert A., 2021. "On the costs of digital entrepreneurship: Role conflict, stress, and venture performance in digital platform-based ecosystems," Journal of Business Research, Elsevier, vol. 125(C), pages 520-532.
    10. Johnson, Cathleen & Masclet, David & Montmarquette, Claude, 2010. "The Effect of Perfect Monitoring of Matched Income on Sales Tax Compliance: An Experimental Investigation," National Tax Journal, National Tax Association;National Tax Journal, vol. 63(1), pages 121-148, March.
    11. Andrew R. Finley, 2019. "The impact of large tax settlement favorability on firms’ subsequent tax avoidance," Review of Accounting Studies, Springer, vol. 24(1), pages 156-187, March.
    12. Picot-Coupey, Karine & Burt, Steve L. & Cliquet, Gérard, 2014. "Retailers׳ expansion mode choice in foreign markets: Antecedents for expansion mode choice in the light of internationalization theories," Journal of Retailing and Consumer Services, Elsevier, vol. 21(6), pages 976-991.
    13. Zhaleh Najafi-Tavani & Axèle Giroud & Rudolf R. Sinkovics, 2012. "Mediating Effects in Reverse Knowledge Transfer Processes," Management International Review, Springer, vol. 52(3), pages 461-488, June.
    14. Jean, Ruey Jer Bryan & Kim, Daekwan & Choi, Kyuyeong, 2021. "Pattern of information technology use and relationship learning in international customer-supplier relationships," International Business Review, Elsevier, vol. 30(4).
    15. Yajiong Xue & Huigang Liang & Liansheng Wu, 2011. "Punishment, Justice, and Compliance in Mandatory IT Settings," Information Systems Research, INFORMS, vol. 22(2), pages 400-414, June.
    16. Mohammad Alghababsheh & David Gallear, 2021. "Socially Sustainable Supply Chain Management and Suppliers’ Social Performance: The Role of Social Capital," Journal of Business Ethics, Springer, vol. 173(4), pages 855-875, November.
    17. Jean, Ruey-Jer “Bryan” & Kim, Daekwan, 2020. "Internet and SMEs' internationalization: The role of platform and website," Journal of International Management, Elsevier, vol. 26(1).
    18. Cai, Shun & Chen, Xi & Bose, Indranil, 2013. "Exploring the role of IT for environmental sustainability in China: An empirical analysis," International Journal of Production Economics, Elsevier, vol. 146(2), pages 491-500.
    19. James Alm & Matthias Kasper, 2020. "Laboratory Experiments," Working Papers 2008, Tulane University, Department of Economics.
    20. Heng Xu & Hock-Hai Teo & Bernard C. Y. Tan & Ritu Agarwal, 2012. "Research Note ---Effects of Individual Self-Protection, Industry Self-Regulation, and Government Regulation on Privacy Concerns: A Study of Location-Based Services," Information Systems Research, INFORMS, vol. 23(4), pages 1342-1363, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:20:y:2009:i:1:p:79-98. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.