Motivation and opportunity based model to reduce information security insider threats in organisations

Abstract

Information technology has brought many advantages for organisations, but information security is still a major concern in this domain. Users, whether intentionally or through negligence, are a great potential of risk to information assets. The lack of awareness, ignorance, negligence, resistance, disobedience, apathy and mischievous are root of information security incidents in organisations. As such, insider threats have attracted a number of experts’ attention in this domain. Two particularly important considerations when exploring insider threats are motivation and opportunity. The most significant aspect of this research is derived from two fundamental theories – Social Bond Theory (SBT), used to motivate misbehaviour avoidance, and Situational Crime Prevention Theory (SCPT), to reduce the opportunities for misbehaviour. The results of data analysis show that situational prevention factors such as increasing the effort and risk, reducing the rewards and removing excuses can have a significant effect on negative attitudes towards misbehaviour, though reducing provocations does not have any effect on attitudes. Further, social bond factors such as commitment to organisational policies and procedures, involvement in information security activities and personal norms have significant effects on negative attitude towards misbehaviour. However, the attachment does not have any significant effect on employees’ attitude in order to avoid misbehaviour. The findings also show that negative attitudes towards misbehaviour influence employees’ intention positively, and in turn intention to avoid misbehaviour reduces insider threat behaviour. The outputs of this study shed some light on factors to reduce misbehaviour in the domain of information security for academics and practitioners