{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T23:45:29Z","timestamp":1771631129878,"version":"3.50.1"},"publisher-location":"Cham","reference-count":51,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030504380","type":"print"},{"value":"9783030504397","type":"electronic"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-50439-7_22","type":"book-chapter","created":{"date-parts":[[2020,7,9]],"date-time":"2020-07-09T23:21:31Z","timestamp":1594336891000},"page":"316-334","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Confronting Information Security\u2019s Elephant, the Unintentional Insider Threat"],"prefix":"10.1007","author":[{"given":"Matthew","family":"Canham","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Clay","family":"Posey","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Patricia S.","family":"Bockelman","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,7,10]]},"reference":[{"key":"22_CR1","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781139062367","volume-title":"Human Error","author":"J Reason","year":"1990","unstructured":"Reason, J.: Human Error. Cambridge University Press, Cambridge (1990)"},{"key":"22_CR2","unstructured":"Goldberg, M.: 10 of the biggest data breaches over the last decade (2019). https:\/\/www.bankrate.com\/finance\/banking\/us-data-breaches-1.aspx#slide=1. Accessed 30 Jan 2020"},{"key":"22_CR3","unstructured":"Bissell, K., LaSalle, R., Dal Cin, P.: The Cost of Cybercrime: Ninth Annual Cost of Cybercrime Study. Accenture (2019)"},{"issue":"4","key":"22_CR4","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1145\/1104004.1104010","volume":"36","author":"GP Im","year":"2005","unstructured":"Im, G.P., Baskerville, R.L.: A longitudinal study of information system threat categories: the enduring problem of human error. Database Adv. Inf. Syst. 36(4), 68\u201379 (2005)","journal-title":"Database Adv. Inf. Syst."},{"key":"22_CR5","doi-asserted-by":"crossref","unstructured":"Verizon: Data Breach Investigations Report (2019)","DOI":"10.1016\/S1361-3723(19)30060-0"},{"key":"22_CR6","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"167","DOI":"10.1007\/978-1-5041-2919-0_14","volume-title":"Information Systems Security","author":"R Baskerville","year":"1996","unstructured":"Baskerville, R.: A taxonomy for analyzing hazards to information systems. In: Katsikas, S.K., Gritzalis, D. (eds.) SEC 1996. IAICT, pp. 167\u2013176. Springer, Boston, MA (1996). https:\/\/doi.org\/10.1007\/978-1-5041-2919-0_14"},{"key":"22_CR7","unstructured":"Reilly, R.B.: 95% of successful security attacks are the result of human error (2014). https:\/\/venturebeat.com\/2014\/06\/19\/95-of-successful-security-attacks-are-the-result-of-human-error\/. Accessed 30 Jan 2020"},{"key":"22_CR8","unstructured":"Targett, E.: Revealed: human error, not hackers, to blame for vast majority of data breaches (2018). https:\/\/www.cbronline.com\/news\/kroll-foi-ico. Accessed 30 Jan 2020"},{"key":"22_CR9","unstructured":"Metinko, C.: Cybersecurity training sees flood of M&A (2018). https:\/\/www.forbes.com\/sites\/mergermarket\/2018\/08\/17\/cybersecurity-training-sees-flood-of-ma\/#5d8e709d2266. Accessed 30 Jan 2020"},{"key":"22_CR10","unstructured":"Statista: Spending on cybersecurity in the United States from 2010 to 2018 (2019). https:\/\/www.statista.com\/statistics\/615450\/cybersecurity-spending-in-the-us\/. Accessed 30 Jan 2020"},{"key":"22_CR11","doi-asserted-by":"crossref","unstructured":"Carpenter, P.: Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors. Wiley, Indianapolis (2019)","DOI":"10.1002\/9781119566380"},{"issue":"2","key":"22_CR12","doi-asserted-by":"publisher","first-page":"525","DOI":"10.25300\/MISQ\/2019\/15117","volume":"43","author":"WA Cram","year":"2019","unstructured":"Cram, W.A., D\u2019Arcy, J., Proudfoot, J.G.: Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance. MIS Q. 43(2), 525\u2013554 (2019)","journal-title":"MIS Q."},{"issue":"1","key":"22_CR13","doi-asserted-by":"publisher","first-page":"2","DOI":"10.1108\/ICS-04-2017-0025","volume":"26","author":"B von Solms","year":"2018","unstructured":"von Solms, B., von Solms, R.: Cybersecurity and information security\u2013what goes where? Inf. Comput. Secur. 26(1), 2\u20139 (2018)","journal-title":"Inf. Comput. Secur."},{"key":"22_CR14","unstructured":"Conrad, E., Misenar, S., Feldman, J.: CISSP Study Guide, 2nd edn. Syngress, Waltham (2012)"},{"key":"22_CR15","unstructured":"Debenedetti, G. The email headache that won\u2019t go away (2016). https:\/\/www.politico.com\/story\/2016\/07\/hillary-clinton-email-fbi-fallout-225113. Accessed 30 Jan 2020"},{"key":"22_CR16","unstructured":"Response, S.S.: W32.Duqu: the precursor to the next Stuxnet (2011). https:\/\/www.symantec.com\/connect\/w32_duqu_precursor_next_stuxnet. Accessed 30 Jan 2020"},{"key":"22_CR17","unstructured":"Graff, G.M.: How a dorm room minecraft scam brought down the Internet (2017). https:\/\/www.wired.com\/story\/mirai-botnet-minecraft-scam-brought-down-the-internet\/. Accessed 30 Jan 2020"},{"key":"22_CR18","unstructured":"Spadafora, A.: 90 percent of data breaches are caused by human error (2019). https:\/\/www.techradar.com\/news\/90-percent-of-data-breaches-are-caused-by-human-error. Accessed 30 Jan 2020"},{"key":"22_CR19","unstructured":"IBM: X-Force Threat Intelligence Index (2019)"},{"key":"22_CR20","unstructured":"Targett, E.: Personal Communication with M. Canham (2020)"},{"key":"22_CR21","unstructured":"Justice, C.D.O.: California Data Breach Report, 2012\u20132015 (2016)"},{"key":"22_CR22","unstructured":"Chubb: Chubb cyber index: providing data driven insight on cyber threat trends (2020). https:\/\/chubbcyberindex.com\/#\/incident-growth. Accessed 30 Jan 2020"},{"issue":"1","key":"22_CR23","doi-asserted-by":"publisher","first-page":"1","DOI":"10.25300\/MISQ\/2013\/37.1.01","volume":"37","author":"R Willison","year":"2013","unstructured":"Willison, R., Warkentin, M.: Beyond deterrence: an expanded view of employee computer abuse. MIS Q. 37(1), 1\u201320 (2013)","journal-title":"MIS Q."},{"key":"22_CR24","unstructured":"Norman, D.: The Design of Everyday Things, Revised and Expanded edn. Basic Books, New York (2013)"},{"key":"22_CR25","doi-asserted-by":"crossref","unstructured":"Perrow, C.: Normal Accidents: Living with High Risk Technologies, Updated edn. Princeton University Press, Princeton (2011)","DOI":"10.2307\/j.ctt7srgf"},{"key":"22_CR26","doi-asserted-by":"crossref","unstructured":"Rasmussen, J.: Skills, rules, and knowledge; signals, signs, and symbols, and other distinctions in human performance models. IEEE Trans. Syst. Man Cybern. SMC-13(3), 257\u2013266 (1983)","DOI":"10.1109\/TSMC.1983.6313160"},{"key":"22_CR27","unstructured":"SKYbrary: Human error types (2016). https:\/\/www.skybrary.aero\/index.php\/Human_Error_Types. Accessed 30 Jan 2020"},{"key":"22_CR28","doi-asserted-by":"crossref","unstructured":"Rader, E., Munasinghe, A.: \u201cWait, do I know this person?\u201d Understanding misdirected Email. In: Proceedings of the 2019 CHI Conference on Human Factors in Computing Systems, Glasgow, Scotland (2019)","DOI":"10.1145\/3290605.3300520"},{"issue":"5","key":"22_CR29","doi-asserted-by":"publisher","first-page":"551","DOI":"10.1016\/j.im.2014.03.009","volume":"51","author":"C Posey","year":"2014","unstructured":"Posey, C., et al.: Bridging the divide: a qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders. Inf. Manag. 51(5), 551\u2013567 (2014)","journal-title":"Inf. Manag."},{"key":"22_CR30","unstructured":"Chubb: Chubb Cyber Library (2020). https:\/\/chubbcyberindex.com\/#\/cyber-library. Accessed 30 Jan 2020"},{"issue":"2","key":"22_CR31","doi-asserted-by":"crossref","first-page":"555","DOI":"10.2307\/256693","volume":"38","author":"SL Robinson","year":"1995","unstructured":"Robinson, S.L., Bennett, R.J.: A typology of deviant workplace behaviors: a multidimensional scaling study. Acad. Manag. J. 38(2), 555\u2013572 (1995)","journal-title":"Acad. Manag. J."},{"key":"22_CR32","doi-asserted-by":"publisher","first-page":"274","DOI":"10.1016\/j.cose.2014.06.007","volume":"45","author":"M Silic","year":"2014","unstructured":"Silic, M., Back, A.: Shadow IT\u2013a view from behind the curtain. Comput. Secur. 45, 274\u2013283 (2014)","journal-title":"Comput. Secur."},{"key":"22_CR33","unstructured":"Posey, C., Canham, M.: A computational social science approach to examine the duality between productivity and cybersecurity policy compliance within organizations. In: International Conference on Social Computing, Behavioral-Cultural Modeling & Prediction and Behavior Representation in Modeling and Simulation (SBP-BRiMS), Washington D.C. (2018)"},{"key":"22_CR34","doi-asserted-by":"crossref","unstructured":"Wilson, M., Hash, J.: SP 800-50: Building an Information Technology Security Awareness and Training Program, NIST, Gaithersburg (2003)","DOI":"10.6028\/NIST.SP.800-50"},{"key":"22_CR35","doi-asserted-by":"crossref","unstructured":"Aldawood, H., Skinner, G.: Educating and raising awareness on cyber security social engineering: a literature review. In: 2018 IEEE International Conference on Teaching, Assessment, and Learning for Engineering (TALE), Wollongong, NSW, Australia. IEEE (2018)","DOI":"10.1109\/TALE.2018.8615162"},{"issue":"3","key":"22_CR36","doi-asserted-by":"publisher","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523\u2013548 (2010)","journal-title":"MIS Q."},{"key":"22_CR37","unstructured":"Cannon, H.M., Feinstein, A.H.: Bloom beyond Bloom: Using the revised taxonomy to develop experiential learning strategies. In: Developments in Business Simulation and Experiential Learning: Proceedings of the Annual ABSEL Conference, Orlando, FL (2005)"},{"key":"22_CR38","unstructured":"Mayer, R.E.: Applying the Science of Learning. Pearson\/Allyn & Bacon, Boston (2011)"},{"issue":"6","key":"22_CR39","doi-asserted-by":"publisher","first-page":"1187","DOI":"10.1111\/deci.12304","volume":"49","author":"A Burns","year":"2018","unstructured":"Burns, A., et al.: Intentions to comply versus intentions to protect: a VIE theory approach to understanding the influence of insiders\u2019 awareness of organizational SETA efforts. Decis. Sci. 49(6), 1187\u20131228 (2018)","journal-title":"Decis. Sci."},{"key":"22_CR40","unstructured":"Kennedy, D.: Writing and Using Learning Outcomes: A Practical Guide. University College Cork (2006)"},{"issue":"4","key":"22_CR41","doi-asserted-by":"crossref","first-page":"769","DOI":"10.2307\/255378","volume":"18","author":"S Kerr","year":"1975","unstructured":"Kerr, S.: On the folly of rewarding A, while hoping for B. Acad. Manag. J. 18(4), 769\u2013783 (1975)","journal-title":"Acad. Manag. J."},{"key":"22_CR42","unstructured":"MITRE: Common vulnerabilities and exposures (2020). https:\/\/cve.mitre.org\/. Accessed 30 Jan 2020"},{"key":"22_CR43","doi-asserted-by":"publisher","DOI":"10.1002\/9781119175834","volume-title":"Managing the unexpected: sustained performance in a complex world","author":"KE Weick","year":"2015","unstructured":"Weick, K.E., Sutcliffe, K.M.: Managing the unexpected: sustained performance in a complex world. Wiley, Hoboken (2015)"},{"issue":"2","key":"22_CR44","doi-asserted-by":"publisher","first-page":"112","DOI":"10.2307\/41165243","volume":"29","author":"KE Weick","year":"1987","unstructured":"Weick, K.E.: Organizational culture as a source of high reliability. Calif. Manag. Rev. 29(2), 112\u2013127 (1987)","journal-title":"Calif. Manag. Rev."},{"issue":"2","key":"22_CR45","doi-asserted-by":"publisher","first-page":"160","DOI":"10.1287\/orsc.1.2.160","volume":"1","author":"KH Roberts","year":"1990","unstructured":"Roberts, K.H.: Some characteristics of one type of high reliability organization. Org. Sci. 1(2), 160\u2013176 (1990)","journal-title":"Org. Sci."},{"key":"22_CR46","unstructured":"Field, T.: Insider threat: \u2018you can\u2019t stop stupid\u2019 (2010). https:\/\/www.bankinfosecurity.com\/insider-threat-you-cant-stop-stupid-a-2789. Accessed 30 Jan 2020"},{"key":"22_CR47","unstructured":"Matyszczyk, C.: IT and security professionals think normal people are just the worst (2019). https:\/\/www.zdnet.com\/article\/it-professionals-think-normal-people-are-stupid\/. Accessed 31 Jan 2020"},{"issue":"7","key":"22_CR48","doi-asserted-by":"publisher","first-page":"509","DOI":"10.1016\/j.cose.2009.04.006","volume":"28","author":"S Kraemer","year":"2009","unstructured":"Kraemer, S., Carayon, P., Clem, J.: Human and organizational factors in computer and information security: pathways to vulnerabilities. Comput. Secur. 28(7), 509\u2013520 (2009)","journal-title":"Comput. Secur."},{"issue":"February","key":"22_CR49","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1016\/j.cose.2015.10.006","volume":"56","author":"NS Safa","year":"2016","unstructured":"Safa, N.S., Von Solms, R., Furnell, S.: Information security policy compliance model in organizations. Comput. Secur. 56(February), 70\u201382 (2016)","journal-title":"Comput. Secur."},{"issue":"12","key":"22_CR50","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1145\/322796.322806","volume":"42","author":"A Adams","year":"1999","unstructured":"Adams, A., Sasse, M.A.: Users are not the enemy. Commun. ACM 42(12), 40\u201346 (1999)","journal-title":"Commun. ACM"},{"issue":"6","key":"22_CR51","doi-asserted-by":"publisher","first-page":"60","DOI":"10.1145\/1620693.1620708","volume":"16","author":"DA Norman","year":"2009","unstructured":"Norman, D.A.: The way I see it when security gets in the way. Interactions 16(6), 60\u201363 (2009)","journal-title":"Interactions"}],"container-title":["Lecture Notes in Computer Science","Augmented Cognition. Human Cognition and Behavior"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-50439-7_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,10]],"date-time":"2024-07-10T00:14:51Z","timestamp":1720570491000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-50439-7_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030504380","9783030504397"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-50439-7_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"10 July 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"HCII","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Human-Computer Interaction","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Copenhagen","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Denmark","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19 July 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 July 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"hcii2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/2020.hci.international\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}