In this episode of Cyber Ways, Craig interviews co-host Dr. Tom Stafford about his 2021 paper, Platform-Dependent Computer Security Complacency: The Unrecognized Insider Threat, which was published in the IEEE Transactions on Engineering Management.
Dr. Stafford is the J.E. Barnes Eminent Scholar in Data Analytics at Louisiana Tech University. He holds doctorates in Marketing from the University of Georgia, and Management Information Systems from the University of Texas at Arlington. In addition to publishing dozens of articles in high-quality journals, he has served as Editor-in-Chief of the Decision Sciences Journal, and is currently co-Editor-in-Chief of The DATA BASE for Advances in Information Systems, which is the oldest continuously-published journal in information systems. Dr. Stafford also co-chaired the 2018 Americas Conference on Information Systems, and the 2019 IFIP 8.11/11.13 Information Security Workshop. He is also co-chairing the 2025 International Conference in Information Systems.
Tom’s paper discusses how many problematic security behaviors are the result of complacency or ignorance, rather than explicit malicious behavior. He also describes the concept of cyber-complacency, which he defines as an unconcerned dependence on technological security protections.
Abstract (direct copy from the paper)
This article reports on a grounded theory investigation of subject response anomalies that were encountered in the course of a neurocognitive laboratory study of computer user cybersecurity behaviors. Subsequent qualitative data collection led to theoretical development in specification of three broad constructs of computer user security complacency. Theoretical insights indicate that states of security complacency can arise in the form of a naïve lack of concern about the likelihood of facing security threats (inherent complacency), from ill-advised dependence upon specific computing platforms and protective workplace technology implementations for protection (platform complacency), as well as the reliance on the guidance on advice from trusted social others in personal and workplace networks (social complacency). Elements of an emergent theory of cybersecurity complacency arising from our interpretive insights are discussed.
Link to the paper: https://ieeexplore.ieee.org/document/9373614
The Cyber Ways podcast is brought to you by the Center for Information Assurance, at Louisiana Tech University’s College of Business. Cyber Ways is funded through a Just Business grant, made possible through the generosity of donors to the Louisiana Tech University College of Business.
Intro audio for the Cyber Ways Podcast
Outro audio for Cyber Ways Podcast
Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.
https://business.latech.edu/cyberways/