Information Security Policy Violations Question Title * Participant Letter for Anonymous Surveys Nova Southeastern University Consent to be in a Research Study Entitled Orientation and Social Influences Matter: An Expansion of Neutralization ModelThe person doing this study is Frank King with the College of Engineering and Computing, Nova Southeastern University under the guidance of Dr. Souren Paul. You are being asked to take part in this research study because you are associated in one of the following industries: Academia, Corporate, or Information Technology Professionals.The purpose of this study is to find a better understanding of employee’s cognitive rationalization when making decisions from both a business and ethical orientation. Employees are seen as the number one threat to an organization’s security, and as a result, employees fall into neutralization techniques and commit information security policy violations. This research will provide an explanation to employee’s cognitive thinking that enable them to make either business or ethical decisions to accept neutralization techniques and ultimately commit information security violations. As a result, this research will help practitioners, information security managers, and information security scholars in writing information security policy which may aid in reducing violations and ultimately protect sensitive data.If you are willing to participate and you are 18 years of age and older, this will be a one-time, anonymous survey. The survey will take approximately 12 minutes to complete. Responses to this survey are completely anonymous and no personal identifiable information (PII) will be collected.This research study involves minimal risk to you. To the best of our knowledge, the things you will be doing have no more risk of harm than you would have in everyday life. You can decide not to participate in this research, and it will not be held against you. You can exit the survey at any time. Participation in this study is completely voluntary.There is no cost for participation in this study. Participation is voluntary and no payment will be provided. Your responses are anonymous. Information we learn about you in this research study will be handled in a confidential manner, within the limits of the law. This data will be available to the researcher, the Institutional Review Board (IRB) and other representatives of this institution, and any granting agencies (if applicable). All confidential data will be kept securely. Data will be kept with a secure cloud service provider and all data will be kept for 36 months from the end of the study. All records must be kept for a minimum of 36 months. After that time, all data will be erased and permanently deleted and destroyed. All data collected will be cleared from databases and all backup copies will be deleted and destroyed. If you have questions, you can contact Frank King at 202-841-6195 Monday thru Friday from 9am – 6pm EST or via e-mail fk145@mynsu.nova.eduIf you have questions about the study but want to talk to someone else who is not a part of the study, you can call the Nova Southeastern University Institutional Review Board (IRB) at (954) 262-5369 or toll free at 1-866-499-0790 or email at IRB@nova.edu. If you have read the above information and voluntarily wish to participate in this research study, you may proceed to the survey below: Question Title * In our organization our commitment to serving customer needs is closely monitored Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree BO1 BO1 Strongly disagree BO1 Disagree BO1 Somewhat disagree BO1 Neither agree or disagree BO1 Somewhat agree BO1 Agree BO1 Strongly agree Question Title * In our organization it is important that customer satisfaction is frequently assessed Strongly disagree Disagree Somewhat Disagree Neither agree or disagree Somewhat agree Agree Strongly agree BO2 BO2 Strongly disagree BO2 Disagree BO2 Somewhat Disagree BO2 Neither agree or disagree BO2 Somewhat agree BO2 Agree BO2 Strongly agree Question Title * In our organization we achieve rapid response to competitive actions Strongly Disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree BO4 BO4 Strongly Disagree BO4 Disagree BO4 Somewhat disagree BO4 Neither agree or disagree BO4 Somewhat agree BO4 Agree BO4 Strongly agree Question Title * In our organization business functions are integrated to serve market needs Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree BO6 BO6 Strongly disagree BO6 Disagree BO6 Somewhat disagree BO6 Neither agree or disagree BO6 Somewhat agree BO6 Agree BO6 Strongly agree Question Title * A person should make certain that their actions never intentionally harm another even to a small degree Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree EO2 EO2 Strongly disagree EO2 Disagree EO2 Somewhat disagree EO2 Neither agree or disagree EO2 Somewhat agree EO2 Agree EO2 Strongly agree Question Title * Risks to another should never be tolerated, irrespective of how small the risks might be Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree EO3 EO3 Strongly disagree EO3 Disagree EO3 Somewhat disagree EO3 Neither agree or disagree EO3 Somewhat agree EO3 Agree EO3 Strongly agree Question Title * I like my job Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SI4 SI4 Strongly disagree SI4 Disagree SI4 Somewhat disagree SI4 Neither agree or disagree SI4 Somewhat agree SI4 Agree SI4 Strongly agree Question Title * I respect the opinion and views of my co-workers Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SI5 SI5 Strongly disagree SI5 Disagree SI5 Somewhat disagree SI5 Neither agree or disagree SI5 Somewhat agree SI5 Agree SI5 Strongly agree Question Title * I have a good relationship with my co-workers Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SI6 SI6 Strongly disagree SI6 Disagree SI6 Somewhat disagree SI6 Neither agree or disagree SI6 Somewhat agree SI6 Agree SI6 Strongly agree Question Title * I am loyal to my organization Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SI7 SI7 Strongly disagree SI7 Disagree SI7 Somewhat disagree SI7 Neither agree or disagree SI7 Somewhat agree SI7 Agree SI7 Strongly agree Question Title * I am very involved within my workplace Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SI8 SI8 Strongly disagree SI8 Disagree SI8 Somewhat disagree SI8 Neither agree or disagree SI8 Somewhat agree SI8 Agree SI8 Strongly agree Question Title * I feel my job is important Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SI10 SI10 Strongly disagree SI10 Disagree SI10 Somewhat disagree SI10 Neither agree or disagree SI10 Somewhat agree SI10 Agree SI10 Strongly agree Question Title * My organization believes that I should follow the organization’s information security policy. Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SP1 SP1 Strongly disagree SP1 Disagree SP1 Somewhat disagree SP1 Neither agree or disagree SP1 Somewhat agree SP1 Agree SP1 Strongly agree Question Title * My co-workers believe I should not violate information security policy Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SP3 SP3 Strongly disagree SP3 Disagree SP3 Somewhat disagree SP3 Neither agree or disagree SP3 Somewhat agree SP3 Agree SP3 Strongly agree Question Title * My organization’s IT Information Security personnel are of opinion that I should comply with the information security policies Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SP4 SP4 Strongly disagree SP4 Disagree SP4 Somewhat disagree SP4 Neither agree or disagree SP4 Somewhat agree SP4 Agree SP4 Strongly agree Question Title * My supervisors are of the opinion that I should comply to information security policies Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SP5 SP5 Strongly disagree SP5 Disagree SP5 Somewhat disagree SP5 Neither agree or disagree SP5 Somewhat agree SP5 Agree SP5 Strongly agree Question Title * I believe most of the employees in my organization comply with IS security policy Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree SP6 SP6 Strongly disagree SP6 Disagree SP6 Somewhat disagree SP6 Neither agree or disagree SP6 Somewhat agree SP6 Agree SP6 Strongly agree Question Title * Please use the scale from (0) Not likely at all (10) Extremely likelyHypothetical Scenario 1Seija is a middle-level manager in a medium-sized company where she was recently hired. Her department uses an inventory procurement software application program to make inventory purchases. To ensure that only authorized individuals make inventory purchases, the company has a firm policy that employees must log out or lock their computer workstation when not in use. However, to make work more convenient, Seija’s manager directs her to leave her user account logged-in for other employees to freely use. Seija expects that keeping her user account logged-in could save her company time. She also knows that keeping the workstation logged-in is a common practice in the industry and an employee recently was reprimanded for leaving the workstation logged-in. Seija leaves the workstation logged-in when she is finished.What is the likelihood that you would do as Seija Not at all Likely 1 2 3 4 Neutral 6 7 8 9 Extremely Likely Scenario 1 Scenario 1 Not at all Likely Scenario 1 1 Scenario 1 2 Scenario 1 3 Scenario 1 4 Scenario 1 Neutral Scenario 1 6 Scenario 1 7 Scenario 1 8 Scenario 1 9 Scenario 1 Extremely Likely Question Title * Hypothetical Scenario 2Hannu is a low-level manager in a small company where he was recently hired. His company has a strong policy that each computer workstation must be password-protected and that passwords are not to be shared. However, Hannu is on a business trip and one of his co-workers needs a file on his computer. Hannu expects that sharing his password could save his company a lot of time. He also knows that the firm has mandatory information security training. Hannu shares his password with his co-worker.What is the likelihood you would do as Hannu Not at all likely 1 2 3 4 Neutral 6 7 8 9 Extremely likely Scenario 2 Scenario 2 Not at all likely Scenario 2 1 Scenario 2 2 Scenario 2 3 Scenario 2 4 Scenario 2 Neutral Scenario 2 6 Scenario 2 7 Scenario 2 8 Scenario 2 9 Scenario 2 Extremely likely Question Title * It is OK to violate the organizational information security policy to get the job done Strongly disagree Disgree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly Agree N1 N1 Strongly disagree N1 Disgree N1 Somewhat disagree N1 Neither agree or disagree N1 Somewhat agree N1 Agree N1 Strongly Agree Question Title * It is ok to violate the organizational information security policy under circumstances where it seems like you have little to no choice Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree N2 N2 Strongly disagree N2 Disagree N2 Somewhat disagree N2 Neither agree or disagree N2 Somewhat agree N2 Agree N2 Strongly agree Question Title * It is ok to violate organizational information security policy when you are in a hurry Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat argee Agree Strongly agree N3 N3 Strongly disagree N3 Disagree N3 Somewhat disagree N3 Neither agree or disagree N3 Somewhat argee N3 Agree N3 Strongly agree Question Title * I feel my general adherence to organization information security policy compensates for occasionally violating information security policy Strongly Disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree N4 N4 Strongly Disagree N4 Disagree N4 Somewhat disagree N4 Neither agree or disagree N4 Somewhat agree N4 Agree N4 Strongly agree Question Title * I feel my hard work compensates for occasionally violating information security policy Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree N5 N5 Strongly disagree N5 Disagree N5 Somewhat disagree N5 Neither agree or disagree N5 Somewhat agree N5 Agree N5 Strongly agree Question Title * It is not wrong to violate information security policy that is unreasonable Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree N6 N6 Strongly disagree N6 Disagree N6 Somewhat disagree N6 Neither agree or disagree N6 Somewhat agree N6 Agree N6 Strongly agree Question Title * It is not wrong to violate information security policy that requires too much time to comply Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat argee Agree Strongly agree N7 N7 Strongly disagree N7 Disagree N7 Somewhat disagree N7 Neither agree or disagree N7 Somewhat argee N7 Agree N7 Strongly agree Question Title * It is ok to violate information security policy if it does not harm the organization Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree N8 N8 Strongly disagree N8 Disagree N8 Somewhat disagree N8 Neither agree or disagree N8 Somewhat agree N8 Agree N8 Strongly agree Question Title * It is ok to violate information security policy if no one gets hurt Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree N9 N9 Strongly disagree N9 Disagree N9 Somewhat disagree N9 Neither agree or disagree N9 Somewhat agree N9 Agree N9 Strongly agree Question Title * It is OK to violate the organization’s information security policy if you are not aware of what it is Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree N10 N10 Strongly disagree N10 Disagree N10 Somewhat disagree N10 Neither agree or disagree N10 Somewhat agree N10 Agree N10 Strongly agree Question Title * It is ok to violate the organization’s information security policy if it is not advertised Strongly disagree Disagree Somewhat disagree Neither agree or disagree Somewhat agree Agree Strongly agree N11 N11 Strongly disagree N11 Disagree N11 Somewhat disagree N11 Neither agree or disagree N11 Somewhat agree N11 Agree N11 Strongly agree Question Title * Demographic InformationWhich principal industry best describe your organization or work profession? Information Technology Professional Corporate organization Academic Institution Question Title * What are the approximate total number of employees for your organization 1 - 49 50 - 999 1,000 - 4,999 5,000 - More Question Title * Gender Male Female Done