The expanded security action cycle: a temporal analysis

Robert Willison, Merrill Warkentin

Research output: Contribution to conferencePaperpeer-review


The extant literature analyzing information system security policy violations has primarily focused on accidental or non-malicious noncompliance behavior. The focus is typically on the direct antecedents of behavioral intention, and researchers have applied theories related to planned behavior, adoption, protection motivation, and other cognitive processes. But another class of violation demands greater research emphasis--the intentional commission of computer security policy violation, or computer abuse. Whether motivated by greed, disgruntlement, or other psychological process, this act has the greatest potential for loss and damage to the employer. We argue the focus must include not only the act and its immediate antecedents, but also the cognitive processes leading to the formation of abuse intention, including the motivations and decision processes that may lead up to intention. By presenting three specific examples of how the organization can expand its zone of control further back in time ('to the left of bang'), our framework extends the Straub and Welke (1998) security action cycle. We present the Extended Security Action Cycle, a new theoretic model for illustrating potential organizational impacts on the formation of employees' intention to commit computer abuse within the organization. Implications for practitioners and academic researchers are presented, including guidelines for establishing trust with employees that will foster positive perceptions of organizational justice.
Original languageEnglish
Publication statusPublished - Oct 2010
EventThe Dewald Roode Workshop on Information Systems Security Research, IFIP - Boston, USA
Duration: 1 Oct 2010 → …


ConferenceThe Dewald Roode Workshop on Information Systems Security Research, IFIP
Period1/10/10 → …


Dive into the research topics of 'The expanded security action cycle: a temporal analysis'. Together they form a unique fingerprint.

Cite this