Organizational information security management for sustainable information systems: An unethical employee information security behavior perspective

Man Ying Amanda CHU, Mike K. P. SO

Research output: Contribution to journalArticles

Abstract

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity. Copyright © 2020 by the authors.
Original languageEnglish
Article number3163
JournalSustainability
Volume12
Issue number8
DOIs
Publication statusPublished - 02 Apr 2020

Citation

Chu, A. M. Y., & So, M. K. P. (2020). Organizational information security management for sustainable information systems: An unethical employee information security behavior perspective. Sustainability, 12(8). Retrieved from https://doi.org/10.3390/su12083163

Keywords

  • Business continuity
  • Information security
  • Information systems misuse
  • Insider
  • Unethical behavior

Fingerprint Dive into the research topics of 'Organizational information security management for sustainable information systems: An unethical employee information security behavior perspective'. Together they form a unique fingerprint.