Absence of Self-Control is a Predictor of Proneness to Security Violations

A recent study published in the Journal of Management Information Systems (JMIS) shows that absence of self-control is a predictor of an employee becoming a security risk in organizations. “The Role of Self-Control in Information Security Violations: Insights from A Cognitive Neuroscience Perspective” is written by Qing Hu, Robert West and Laura Smarandescu of Iowa State University.

The researchers used a brain imaging technology, electroencephalography (EEG), to examine the brain activation levels and regions of individuals in scenario-based laboratory experiments in which the subjects were considering information security violations. The researchers found that self-control is a major factor that differentiates whether an individual may or may not violate established information security policies and procedures in organizations. Individuals with low self-control display lower levels of neural activities in brain regions known to perform cognitive control functions that govern rational behavior. They also use less time to make decisions related to information security violations. Thus, these individuals pose a greater threat to organizational information security. These findings question the effectiveness of security-education training commonly used in organizations, given the strong evidence of neurological roots of low self-control.

Read the full study here: http://www.tandfonline.com/doi/full/10.1080/07421222.2014.1001255

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Within the healthcare security sector, as well as countless other sectors where security reflects a broad patient, customer, and employee pool, building a diverse and inclusive security team starts with focusing on diversity, equity, and inclusion (DEI) as any other business strategy.