Absence of Self-Control is a Predictor of Proneness to Security Violations

May 20, 2015

A recent study published in the Journal of Management Information Systems (JMIS) shows that absence of self-control is a predictor of an employee becoming a security risk in organizations. “The Role of Self-Control in Information Security Violations: Insights from A Cognitive Neuroscience Perspective” is written by Qing Hu, Robert West and Laura Smarandescu of Iowa State University.

The researchers used a brain imaging technology, electroencephalography (EEG), to examine the brain activation levels and regions of individuals in scenario-based laboratory experiments in which the subjects were considering information security violations. The researchers found that self-control is a major factor that differentiates whether an individual may or may not violate established information security policies and procedures in organizations. Individuals with low self-control display lower levels of neural activities in brain regions known to perform cognitive control functions that govern rational behavior. They also use less time to make decisions related to information security violations. Thus, these individuals pose a greater threat to organizational information security. These findings question the effectiveness of security-education training commonly used in organizations, given the strong evidence of neurological roots of low self-control.

Read the full study here: http://www.tandfonline.com/doi/full/10.1080/07421222.2014.1001255

Microsoft’s Edna Conway, Chief Security and Risk Officer of Azure, will lead this session and provide a real-world, tangible approach to address security and resilience to support you in your journey to operational resilience.

Protecting employees from potential exposure could be a daunting task, but with the right property technology, your office space can become an interactive and responsive asset that helps you ensure new health protocol compliance.