John D'Arcy - Notre Dame
Students: Fall 2024, unless noted otherwise, sessions will be virtual on Zoom.
User Awareness of Security Countermeasures and its Impact on Information Systems Misuse: A Deterrence Approach
Apr 15, 2009
Download: MP4 Video Size: 654.0MBWatch on YouTube
Abstract
Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50-75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This study presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one's level of morality. The results have implications for both the research and practice of IS security.About the Speaker
John D'Arcy is an Assistant Professor in the Department of Management in the Mendoza College of Business at the University of Notre Dame. Dr. D'Arcy teaches an MBA course on technology risk management and an undergraduate course on computer networking and security. After gaining a BS in Finance from The Pennsylvania State University, he worked the following four years as a cost accountant and then a financial systems analyst for Ford Motor Company. During that time, he earned an MBA from LaSalle University. He subsequently earned a PhD in Business Administration with a concentration in Management Information Systems from Temple University.
Dr. D'Arcy's research interests include information assurance and security, computer ethics, and human-computer interaction. In recent papers, he has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His research also investigates individual and organizational factors that contribute to end user security behavior in the workplace. Dr. D'Arcy has published articles in journals such as Information Systems Research, Communications of the ACM, Decision Support Systems, Journal of Information System Security, and Computers & Security.
Dr. D'Arcy's research interests include information assurance and security, computer ethics, and human-computer interaction. In recent papers, he has examined the effectiveness of procedural and technical security controls in deterring computer abuse. His research also investigates individual and organizational factors that contribute to end user security behavior in the workplace. Dr. D'Arcy has published articles in journals such as Information Systems Research, Communications of the ACM, Decision Support Systems, Journal of Information System Security, and Computers & Security.