Absence of Self-Control is a Predictor of Proneness to Security Violations

A recent study published in the Journal of Management Information Systems (JMIS) shows that absence of self-control is a predictor of an employee becoming a security risk in organizations. “The Role of Self-Control in Information Security Violations: Insights from A Cognitive Neuroscience Perspective” is written by Qing Hu, Robert West and Laura Smarandescu of Iowa State University.

The researchers used a brain imaging technology, electroencephalography (EEG), to examine the brain activation levels and regions of individuals in scenario-based laboratory experiments in which the subjects were considering information security violations. The researchers found that self-control is a major factor that differentiates whether an individual may or may not violate established information security policies and procedures in organizations. Individuals with low self-control display lower levels of neural activities in brain regions known to perform cognitive control functions that govern rational behavior. They also use less time to make decisions related to information security violations. Thus, these individuals pose a greater threat to organizational information security. These findings question the effectiveness of security-education training commonly used in organizations, given the strong evidence of neurological roots of low self-control.

Read the full study here: http://www.tandfonline.com/doi/full/10.1080/07421222.2014.1001255

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.