{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T17:57:58Z","timestamp":1743011878342,"version":"3.40.3"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319336299"},{"type":"electronic","value":"9783319336305"}],"license":[{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2016,1,1]],"date-time":"2016-01-01T00:00:00Z","timestamp":1451606400000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2016]]},"DOI":"10.1007\/978-3-319-33630-5_4","type":"book-chapter","created":{"date-parts":[[2016,5,10]],"date-time":"2016-05-10T08:10:12Z","timestamp":1462867812000},"page":"49-61","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Developing a Human Activity Model for Insider IS Security Breaches Using Action Design Research"],"prefix":"10.1007","author":[{"given":"Gurpreet","family":"Dhillon","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Spyridon","family":"Samonas","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ugo","family":"Etudo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2016,5,11]]},"reference":[{"key":"4_CR1","doi-asserted-by":"publisher","first-page":"222","DOI":"10.1109\/TSE.1987.232894","volume":"SE-13","author":"DE Denning","year":"1987","unstructured":"Denning, D.E.: An intrusion-detection model. IEEE Trans. Softw. Eng. SE-13, 222\u2013232 (1987)","journal-title":"IEEE Trans. Softw. Eng."},{"key":"4_CR2","unstructured":"Audit Commission, Losing an empire, finding a role. HMSO, London (1989)"},{"key":"4_CR3","unstructured":"Audit Commission, Survey of computer fraud & abuse. The Audit Commission for Local Authorities and the National Health Service in England and Wales (1990)"},{"key":"4_CR4","doi-asserted-by":"crossref","unstructured":"Audit Commission, Opportunity makes a thief. Analysis of computer abuse. The Audit Commission for Local Authorities and the National Health Service in England and Wales (1994)","DOI":"10.1016\/0960-2593(94)90128-7"},{"key":"4_CR5","unstructured":"Office of Technology Assessment, Information security and privacy in network environments. US Government Publication (1994)"},{"issue":"6","key":"4_CR6","doi-asserted-by":"publisher","first-page":"22","DOI":"10.1109\/MSP.2009.109","volume":"7","author":"BM Bowen","year":"2009","unstructured":"Bowen, B.M., et al.: Designing host and network sensors to mitigate the insider threat. IEEE Secur. Priv. 7(6), 22\u201329 (2009)","journal-title":"IEEE Secur. Priv."},{"issue":"1","key":"4_CR7","doi-asserted-by":"crossref","first-page":"37","DOI":"10.2307\/23043488","volume":"35","author":"M Sein","year":"2011","unstructured":"Sein, M., et al.: Action design research. MIS Q. 35(1), 37\u201356 (2011)","journal-title":"MIS Q."},{"issue":"2","key":"4_CR8","doi-asserted-by":"publisher","first-page":"121","DOI":"10.1287\/isre.12.2.121.9700","volume":"12","author":"WJ Orlikowski","year":"2001","unstructured":"Orlikowski, W.J., Iacono, C.S.: Research commentary: Desperately seeking the \u201cIT\u201d in IT research\u2014A call to theorizing the IT artifact. Inf. Syst. Res. 12(2), 121\u2013134 (2001)","journal-title":"Inf. Syst. Res."},{"key":"4_CR9","doi-asserted-by":"crossref","first-page":"127","DOI":"10.2307\/25148831","volume":"32","author":"MR Jones","year":"2008","unstructured":"Jones, M.R., Karsten, H.: Gidden\u2019s structuration theory and information systems research. MIS Q. 32, 127\u2013157 (2008)","journal-title":"MIS Q."},{"issue":"8","key":"4_CR10","doi-asserted-by":"publisher","first-page":"715","DOI":"10.1016\/S0167-4048(01)00813-6","volume":"20","author":"G Dhillon","year":"2001","unstructured":"Dhillon, G., Moores, S.: Computer Crimes: theorizing about the enemy within. Comput. Secur. 20(8), 715\u2013723 (2001)","journal-title":"Comput. Secur."},{"issue":"2","key":"4_CR11","doi-asserted-by":"publisher","first-page":"101","DOI":"10.1057\/ejis.2009.12","volume":"18","author":"ME Warkentin","year":"2009","unstructured":"Warkentin, M.E., Willison, R.: Behavioral and policy issues in information systems security: The insider threat. Eur. J. Inf. Syst. 18(2), 101\u2013105 (2009)","journal-title":"Eur. J. Inf. Syst."},{"key":"4_CR12","unstructured":"Cappelli, D.M., et al.: Common Sense Guide to Prevention and Detection of Insider Threat, 3rd Edition\u2014Version 3.1 (2009)"},{"key":"4_CR13","doi-asserted-by":"crossref","unstructured":"Cummings, A., et al.: Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U.S. Financial Services Sector (Technical Report CMU\/SEI-2012-SR-004) (2012)","DOI":"10.21236\/ADA610430"},{"key":"4_CR14","doi-asserted-by":"publisher","DOI":"10.1201\/9781420046601","volume-title":"Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks","author":"K Brancik","year":"2007","unstructured":"Brancik, K.: Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks. Auerbach Publications, Boca Raton (2007)"},{"key":"4_CR15","unstructured":"Ponemon Institute, Risk of Insider Fraud: Second Annual Study (2013)"},{"key":"4_CR16","unstructured":"Hartel, P.H., Junger, M., Wieringa, R.J.: Cyber-crime Science = Crime Science + Information Security. Technical Report TR-CTIT-10-34, CTIT, University of Twente, Oct 2010. \n                    http:\/\/eprints.eemcs.utwente.nl\/18500\/"},{"key":"4_CR17","unstructured":"Spitzner, L.: Honeypots: Catching the insider threat. In: Proceedings of 19th Annual Computer Security Applications Conference, pp. 170\u2013179. IEEE, Las Vegas, NV, USA (2003)"},{"key":"4_CR18","doi-asserted-by":"crossref","unstructured":"Chagarlamudi, M., Panda, B., Hu, Y.: Insider threat in database systems: Preventing malicious users\u2019 activities in databases. In: Sixth International Conference on Information Technology: New Generations, 2009. ITNG 2009, pp. 1616\u20131620. IEEE, Las Vegas, NV, USA (2009)","DOI":"10.1109\/ITNG.2009.67"},{"issue":"2","key":"4_CR19","doi-asserted-by":"publisher","first-page":"151","DOI":"10.1057\/ejis.2009.8","volume":"18","author":"SR Boss","year":"2009","unstructured":"Boss, S.R., et al.: If someone is watching, I\u2019ll do what I\u2019m asked: Mandatoriness, control, and information security. Eur. J. Inf. Syst. 18(2), 151\u2013164 (2009)","journal-title":"Eur. J. Inf. Syst."},{"issue":"3","key":"4_CR20","doi-asserted-by":"crossref","first-page":"523","DOI":"10.2307\/25750690","volume":"34","author":"B Bulgurcu","year":"2010","unstructured":"Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523\u2013548 (2010)","journal-title":"MIS Q."},{"issue":"1","key":"4_CR21","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1287\/isre.1070.0160","volume":"20","author":"J D\u2019Arcy","year":"2009","unstructured":"D\u2019Arcy, J., Hovav, A., Galletta, D.: User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Inf. Syst. Res. 20(1), 79\u201398 (2009)","journal-title":"Inf. Syst. Res."},{"issue":"2","key":"4_CR22","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1016\/j.dss.2009.02.005","volume":"47","author":"T Herath","year":"2009","unstructured":"Herath, T., Rao, H.R.: Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decis. Support Syst. 47(2), 154\u2013165 (2009)","journal-title":"Decis. Support Syst."},{"issue":"2","key":"4_CR23","doi-asserted-by":"publisher","first-page":"203","DOI":"10.2753\/MIS0742-1222280208","volume":"28","author":"KH Guo","year":"2011","unstructured":"Guo, K.H., et al.: Understanding nonmalicious security violations in the workplace: a composite behavior model. J. Manage. Inf. Syst. 28(2), 203\u2013236 (2011)","journal-title":"J. Manage. Inf. Syst."},{"issue":"3","key":"4_CR24","doi-asserted-by":"publisher","first-page":"293","DOI":"10.1080\/02678379808256868","volume":"12","author":"J Reason","year":"1998","unstructured":"Reason, J.: Achieving a safe culture: theory and practice. Work Stress 12(3), 293\u2013306 (1998)","journal-title":"Work Stress"},{"key":"4_CR25","first-page":"295","volume-title":"The human contribution: unsafe acts, accidents and heroic recoveries","author":"JT Reason","year":"2008","unstructured":"Reason, J.T.: The human contribution: unsafe acts, accidents and heroic recoveries, p. 295. Ashgate, Farnham (2008)"},{"key":"4_CR26","doi-asserted-by":"publisher","first-page":"85","DOI":"10.1007\/978-1-4419-7133-3_5","volume-title":"Insider Threats in Cyber-security - Advances in Information Security, 49","author":"FL Greitzer","year":"2010","unstructured":"Greitzer, F.L., Frincke, D.A.: Combining traditional cyber-security audit data with psychosocial data: Towards predictive modeling for insider threat mitigation. In: Probst, C.W., et al. (eds.) Insider Threats in Cyber-security - Advances in Information Security, 49, pp. 85\u2013113. Springer, Heidelberg (2010)"},{"key":"4_CR27","doi-asserted-by":"crossref","unstructured":"Hoyer, S., et al.: Fraud prediction and the human factor: an approach to include human behavior in an automated fraud audit. In: 45th Hawaii International Conference on System Sciences Proceedings (HICSS), Grand Wailea, pp. 2382\u20132391. IEEE Computer Society, Maui, HI, USA (2012)","DOI":"10.1109\/HICSS.2012.289"},{"issue":"3","key":"4_CR28","doi-asserted-by":"publisher","first-page":"190","DOI":"10.1016\/j.im.2012.04.002","volume":"49","author":"A Vance","year":"2012","unstructured":"Vance, A., Siponen, M., Pahnila, S.: Motivating IS security compliance: insights from habit and protection motivation theory. Inf. Manage. 49(3), 190\u2013198 (2012)","journal-title":"Inf. Manage."},{"issue":"2","key":"4_CR29","doi-asserted-by":"publisher","first-page":"106","DOI":"10.1057\/ejis.2009.6","volume":"18","author":"T Herath","year":"2009","unstructured":"Herath, T., Rao, H.R.: Protection motivation and deterrence: A framework for security policy compliance in organisations. Eur. J. Inf. Syst. 18(2), 106\u2013125 (2009)","journal-title":"Eur. J. Inf. Syst."},{"key":"4_CR30","first-page":"163","volume":"33","author":"S Ramachandran","year":"2013","unstructured":"Ramachandran, S., et al.: Variations in information security cultures across professions: A qualitative study. Commun. Assoc. Inf. Syst. 33, 163\u2013204 (2013)","journal-title":"Commun. Assoc. Inf. Syst."},{"issue":"4","key":"4_CR31","doi-asserted-by":"publisher","first-page":"373","DOI":"10.1016\/j.jsis.2011.06.001","volume":"20","author":"K Hedstr\u00f6m","year":"2011","unstructured":"Hedstr\u00f6m, K., et al.: Value conflicts for information security management. J. Strateg. Inf. Syst. 20(4), 373\u2013384 (2011)","journal-title":"J. Strateg. Inf. Syst."},{"key":"4_CR32","unstructured":"Talib, Y.A., Dhillon, G.: Invited paper: Employee emancipation and protection of information. In: 5th Annual Symposium on Information Assurance (ASIA 2010) (2010)"},{"key":"4_CR33","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"431","DOI":"10.1007\/978-3-642-55415-5_36","volume-title":"ICT Systems Security and Privacy Protection","author":"G Dhillon","year":"2014","unstructured":"Dhillon, G., Chowdhuri, R., Pedron, C.: Organizational transformation and information security culture: A telecom case study. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IFIP AICT, vol. 428, pp. 431\u2013437. Springer, Heidelberg (2014)"},{"key":"4_CR34","volume-title":"The silent language","author":"ET Hall","year":"1959","unstructured":"Hall, E.T.: The silent language, 2nd edn. Anchor Books, New York (1959)","edition":"2"},{"issue":"7","key":"4_CR35","doi-asserted-by":"publisher","first-page":"991","DOI":"10.1108\/09596111211258883","volume":"24","author":"K Berezina","year":"2012","unstructured":"Berezina, K., et al.: The impact of information security breach on hotel guest perception of service quality, satisfaction, revisit intentions and word-of-mouth. Int. J. Contemp. Hospitality Manage. 24(7), 991\u20131010 (2012)","journal-title":"Int. J. Contemp. Hospitality Manage."},{"key":"4_CR36","unstructured":"Rosoff, H., Cui, J., John, R.: Behavioral experiments exploring victims\u2019 response to cyber-based financial fraud and identity theft scenario simulations. In: Tenth Symposium on Usable Privacy and Security (SOUPS), pp. 175\u2013186. USENIX Association, Menlo Park, CA, USA (2014)"},{"issue":"2","key":"4_CR37","first-page":"397","volume":"35","author":"P-Y Chen","year":"2011","unstructured":"Chen, P.-Y., Kataria, G., Krishnan, R.: Correlated failures. Diversification, Inf. Secur. Risk Manage. MIS Q. 35(2), 397\u2013422 (2011)","journal-title":"Diversification, Inf. Secur. Risk Manage. MIS Q."},{"issue":"4","key":"4_CR38","doi-asserted-by":"crossref","first-page":"757","DOI":"10.2307\/25750704","volume":"34","author":"P Puhakainen","year":"2010","unstructured":"Puhakainen, P., Siponen, M.: Improving employees\u2019 compliance through information systems security training: An action research study. MIS Q. 34(4), 757\u2013778 (2010)","journal-title":"MIS Q."},{"key":"4_CR39","doi-asserted-by":"crossref","unstructured":"Waguespack, L.J., Yates, D.J., Schiano, W.T.: Towards a design theory for trustworthy information systems. In: 47th Hawaii International Conference on System Sciences (HICSS), pp. 3707\u20133716 (2014)","DOI":"10.1109\/HICSS.2014.461"},{"key":"4_CR40","doi-asserted-by":"crossref","unstructured":"Beer, M., Meier, M.C., Mosig, B., Probst, F.: A prototype for information-dense it project risk reporting: an action design research approach. In: 47th Hawaii International Conference on System Sciences (HICSS), pp. 3657\u20133666 (2014)","DOI":"10.1109\/HICSS.2014.456"},{"issue":"2","key":"4_CR41","doi-asserted-by":"crossref","first-page":"337","DOI":"10.25300\/MISQ\/2013\/37.2.01","volume":"37","author":"S Gregor","year":"2013","unstructured":"Gregor, S., Hevner, A.R.: Positioning and presenting design science research for maximum impact. MIS Q. 37(2), 337\u2013355 (2013)","journal-title":"MIS Q."},{"issue":"3","key":"4_CR42","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1287\/isre.14.3.221.16560","volume":"14","author":"A Lee","year":"2003","unstructured":"Lee, A., Baskerville, R.L.: Generalizing generalizability in information systems research. Inf. Syst. Res. 14(3), 221\u2013243 (2003)","journal-title":"Inf. Syst. Res."},{"issue":"6","key":"4_CR43","doi-asserted-by":"publisher","first-page":"430","DOI":"10.1145\/358141.358148","volume":"26","author":"ML Markus","year":"1983","unstructured":"Markus, M.L.: Power, politics, and mis implementation. Commun. ACM 26(6), 430\u2013444 (1983)","journal-title":"Commun. ACM"},{"key":"4_CR44","first-page":"39","volume-title":"The Complexity of Workplace Humour","author":"Barbara Plester","year":"2015","unstructured":"Plester, B.: Execution of a joke: Types and functions of humour. In: The Complexity of Workplace Humour: Laughter, Jokers and the Dark Side of Humour, pp. 39\u201366. Springer, Heidelberg (2016)"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-33630-5_4","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,5,13]],"date-time":"2020-05-13T00:03:16Z","timestamp":1589328196000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-33630-5_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016]]},"ISBN":["9783319336299","9783319336305"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-33630-5_4","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2016]]},"assertion":[{"value":"11 May 2016","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}