The Insider Threat to Organizational Information Security: A Structural Model and Empirical Test
Abstract
The organizational insider, through his or her intentional violation of organizational security policy, arguably represents one of the greatest threats to organizational information security. Drawing from the Theory of Planned Behavior, General Deterrence Theory, and the organizational behavior concepts of organizational commitment and organizational (security) culture, this study develops a research model to predict an individual’s intention to violate an organization’s security policy. A test of the model was conducted using data obtained from a convenience sample of government employees. This research found evidence that deterrent factors such as perceived punishment certainty and perceived punishment factors, when placed in the framework of the Theory of Planned Behavior, are useful for predicting an individual’s intention to violate his/her organization’s information security policy.