A recent study published in the Journal of Management Information Systems (JMIS) shows that absence of self-control is a predictor of an employee becoming a security risk in organizations. “The Role of Self-Control in Information Security Violations: Insights from A Cognitive Neuroscience Perspective” is written by Qing Hu, Robert West and Laura Smarandescu of Iowa State University.

The researchers used a brain imaging technology, electroencephalography (EEG), to examine the brain activation levels and regions of individuals in scenario-based laboratory experiments in which the subjects were considering information security violations. The researchers found that self-control is a major factor that differentiates whether an individual may or may not violate established information security policies and procedures in organizations. Individuals with low self-control display lower levels of neural activities in brain regions known to perform cognitive control functions that govern rational behavior. They also use less time to make decisions related to information security violations. Thus, these individuals pose a greater threat to organizational information security. These findings question the effectiveness of security-education training commonly used in organizations, given the strong evidence of neurological roots of low self-control.

Read the full study here: http://www.tandfonline.com/doi/full/10.1080/07421222.2014.1001255