Article Preview
Top1. Introduction
Information Technology is a vital apparatus for strategic business planning and competitive advantage; it inherently has the potential to facilitate and expedite business processes at unprecedented levels. The wide adoption of information technology to conduct ordinary business activities has also been an attractive avenue for criminal ideations resulting in critical security concerns. In order to mitigate possible factors that can impede information security, private and public organizations are predisposed to three categories of security countermeasures including: Technologies, administrative procedures, and education, awareness and training programs (Chaundhry, Chaundhry, & Reese, 2012; Whitman & Mattord, 2009). A preponderance of articles in the research community continues to emphasize the point that, the lack of adherence or conformance to information security policies on the part of employees, either deliberately or inadvertently is of paramount concern (Ifinedo, 2012; Myyry, Siponen, Pahnila, Vartiainen, & Vance, 2009). These facts have lead to the conclusion that, internal users of information systems in organizations constitute the weakest link of defense against information security. The focus of this study is on internal threats and its associated motivators and consequences using the theory of planned behavior, elaborated upon in grater detail in the following paragraphs.
The adoption of Information Technology to conduct daily business operations is a strategic effort and is susceptible to yielding competitive advantage and high returns on investment (Evans, 2011). This outcome can undoubtedly not be achieved without severe security commitments, primarily on the part of top management and secondarily on the part of users of information systems who are the primary custodians of sensitive and confidential information by virtue of their service to the organization and customers alike. Achieving a high level of employee commitment to the security of information systems requires an elevated sense of situational awareness and attention to specific security eventualities (Hu, Dinev, & Hart, 2012; Siponen, Mahmood, & Pahnila, 2009; Whitman, 2003). The focus of information security is increasingly on the role of people and compliance as people often constitute the greatest threat due to poor unintentional and intentional choices resulting from motivating factors that could infringe on their ability to make rational choices (Hu, Xu, Dinev, & Ling, 2011; Pahnila, Siponen, & Mahmood, 2007). Information Security has always been a call for concern for business organizations and their stakeholders alike because of the devastating and humiliating consequences that security incidents can pause to the Confidentiality; Integrity and Availability (CIA) of organizational information.