Deterrence and Prevention-based Model to Mitigate Information Security Insider Threats in Organisations
Nader Sohrabi Safa, Carsten Maple, Steve Furnell, Muhammad Ajmal Azad, Charith Perera, Mohammad Dabbagh, Mehdi Sookhak

TL;DR
This paper proposes a novel framework combining deterrence and prevention strategies to reduce insider threats in organizations by influencing employee attitudes and behaviors through perceived sanctions and situational factors.
Contribution
It introduces a new conceptual model integrating deterrence and situational crime prevention to mitigate insider threats, emphasizing psychological and behavioral influences.
Findings
Perceived sanctions certainty and severity deter misconduct.
Increasing effort and risk reduces employees' inclination to misbehave.
Subjective norms and perceived control influence intentions to avoid security breaches.
Abstract
Previous studies show that information security breaches and privacy violations are important issues for organisations and people. It is acknowledged that decreasing the risk in this domain requires consideration of the technological aspects of information security alongside human aspects. Employees intentionally or unintentionally account for a significant portion of the threats to information assets in organisations. This research presents a novel conceptual framework to mitigate the risk of insiders using deterrence and prevention approaches. Deterrence factors discourage employees from engaging in information security misbehaviour in organisations, and situational crime prevention factors encourage them to prevent information security misconduct. Our findings show that perceived sanctions certainty and severity significantly influence individuals' attitudes and deter them from…
Taxonomy
Topics: Information and Cyber Security · Cybercrime and Law Enforcement Studies · Network Security and Intrusion Detection
