Applying Push-Pull-Mooring model to investigate non-malicious workarounds behavior
Abstract
More than half of the violations of information systems security policies are initiated by
non-malicious activities of insiders. To investigate these non-malicious activities, we utilized the
theory of workaround and argued that the application of neutralization techniques impacts the
use of workarounds. We built our model using three theories: the theory of workaround, push pull-mooring theory, and techniques of neutralization. We identified the elements of
workarounds related to non-malicious violations and proposed a theoretical perspective using the
push-pull-mooring theory to investigate non-malicious workarounds empirically. We propose
that non-malicious activities of insiders can be seen as a switching behavior, with push factors
such as system dissatisfaction and time pressure, and pull factors such as convenience and
alternative attractiveness. The mooring factors in our model are techniques of neutralization,
including denial of injury, denial of responsibility, and defense of necessity. We employed the
scenario-based factorial survey method to mitigate the effect of social desirability bias. Our
mixed model analysis indicates that time pressure, convenience, denial of injury, and defense of
necessity significantly impact an individual's likelihood of engaging in non-malicious
workarounds. Additionally, the relative weight analysis of our model shows that convenience
and time pressure explain most of the variance in our model.
Description
Keywords
Information Systems, Security, Insiders, Non-malicious, Push-pull-mooring, Techniques of Neutralization, Factorial Survey Method, Threat
Citation
Aljohani, Nawaf Rasheed, "Applying Push-Pull-Mooring model to investigate non-malicious workarounds behavior" (2023). Theses and Dissertations. 5905. https://scholarsjunction.msstate.edu/td/5905