Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach

D'Arcy, J and Hovav, A and Galletta, D (2009) User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20 (1). 79 - 98. ISSN 1047-7047

[img] Plain Text (licence)
Available under License : See the attached license file.

Download (1kB)


Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50%-75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one's level of morality. Implications for the research and practice of IS security are discussed. © 2009 INFORMS.


Social Networking:
Share |


Item Type: Article
Status: Published
CreatorsEmailPitt UsernameORCID
D'Arcy, J
Hovav, A
Galletta, DGALLETTA@pitt.eduGALLETTA
Date: 1 January 2009
Date Type: Publication
Journal or Publication Title: Information Systems Research
Volume: 20
Number: 1
Page Range: 79 - 98
DOI or Unique Handle: 10.1287/isre.1070.0160
Schools and Programs: College of Business Administration > Business Administration
Refereed: Yes
ISSN: 1047-7047
Date Deposited: 28 Aug 2012 14:13
Last Modified: 30 Oct 2018 14:05


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item