Routine, Situational, and Exceptional Security Violations in Organizations

Authors

Clay Posey, Brigham Young University
Mitch McCoard, Brigham Young University
A. J. Burns, Louisiana State University
Tom L. Roberts, University of Texas at Tyler

Document Type

Conference Proceeding

Publication Date

1-1-2024

Abstract

When it comes to employees' negative influence on organizational security, researchers are typically interested in three behavioral categories: passive mistakes, volitional non-malicious non-compliance (NMNC), and malicious computer abuse. Despite research that shows that NMNC represents the majority of employees' negative security-related actions, we know relatively little about how employees perceive these actions and what organizations can do as a result. We integrate the framework of routine, situational, and exceptional violations from safety science to frame our exploration of NMNC. We demonstrate that the factors associated with this violation framework can be used to determine how insiders view NMNC behaviors. We provide insight into important differences among the NMNC behaviors and show how insiders can be clustered into one of three groups based on their violation perceptions.

Publication Source (Journal or Book title)

30th Americas Conference on Information Systems Amcis 2024

Recommended Citation

Posey, C., McCoard, M., Burns, A., & Roberts, T. (2024). Routine, Situational, and Exceptional Security Violations in Organizations. 30th Americas Conference on Information Systems Amcis 2024 Retrieved from https://repository.lsu.edu/infosys_pubs/40