Acquisti, A., Brandimarte, L., & Loewenstein, G. (2015). Privacy and human behavior in the age of information. Science, 347(6221), 509–514.
Ajzen, I. (1991). The theory of planned behavior. Organizational Behavior and Human Decision Processes, 50(2), 179–211.
Allen, B., & Loyear, R. (2017). Enterprise security risk management: Concepts and applications. Brookfield, CT: Rothstein Publishing.
Alliger, G. M., Cerasoli, C. P., Tannenbaum, S. I., & Vessey, W. B. (2015). Team resilience: How teams flourish under pressure. Organizational Dynamics, 44(3), 176–184.
Al-Daeef, M. M., Basir, N., & Saudi, M. M. (2017, July). Security awareness training: A review. In Proceedings of the World Congress on Engineering (Vol. 1, pp. 5-7). London, UK. https://pdfs.semanticscholar.org/f040/209717c34624dcb97ccd3ca8acc2e0d8ed93.pdf
Al-Ubaydli, O., List, J. A., & Suskind, D. (2019). The science of using science: Towards an understanding of the threats to scaling experiments. NBER Working Paper No. 25848. https://pdfs.semanticscholar.org/c586/ecc2d2a3678774ef66763abda0b6f2d1063c.pdf
Anderson, B. B., Jenkins, J. L., Vance, A., Kirwan, C. B., & Eargle, D. (2016). Your memory is working against you: How eye tracking and memory explain habituation to security warnings. Decision Support Systems, 92, 3–13.
Argote, L., Turner, M. E., & Fichman, M. (1989). To centralize or not to centralize: The effects of uncertainty and threat on group structure and performance. Organizational Behavior and Human Decision Processes, 43(1), 58–74.
Aurigemma, S., & Mattson, T. (2017). Privilege or procedure: Evaluating the effect of employee status on intent to comply with socially interactive information security threats and controls. Computers & Security, 66, 218–234.
Austin, J. T., & Villanova, P. (1992). The criterion problem: 1917–1992. Journal of Applied Psychology, 77(6), 836–874.
Barrick, M. R., & Mount, M. K. (1991). The big five personality dimensions and job performance: A meta-analysis. Personnel Psychology, 44(1), 1–26.
Barros, A. (2018). Is your SOC your CSIRT? Gartner. https://blogs.gartner.com/augusto-barros/2018/06/27/is-your-soc-your-csirt
Bem, D. J. (1967). Self-perception: An alternative interpretation of cognitive dissonance phenomena. Psychological Review, 74(3), 183–200.
Bernard, T. J., & Snipes, J. B. (1996). Theoretical integration in criminology. Crime and Justice, 20, 301–348.
Bernstein, E. S. (2017). Making transparency transparent: The evolution of observation in management theory. Academy of Management Annals, 11(1), 217–266.
Bhave, D. P. (2014). The invisible eye? Electronic performance monitoring and employee job performance. Personnel Psychology, 67(3), 605–635.
Bhave, D. P., Teo, L. H., & Dalal, R. S. (2020). Privacy at work: A review and a research agenda for a contested terrain. Journal of Management, 46(1), 127–164.
Blythe, J., Koppel, R., & Smith, S. W. (2013). Circumvention of security: Good users do bad things. IEEE Security & Privacy, 11(5), 80–83.
Brooks, M. E., Dalal, D. K., & Nolan, K. P. (2014). Are common language effect sizes easier to understand than traditional effect sizes? Journal of Applied Psychology, 99(2), 332–340.
Brzowski, M., & Nathan-Roberts, D. (2019, November). Trust measurement in human–automation interaction: A systematic review. In Proceedings of the Human Factors and Ergonomics Society Annual Meeting (Vol. 63, no. 1, pp. 1595-1599). SAGE CA: Los Angeles, CA: SAGE publications.
Burns, A., Posey, C., & Roberts, T. L. (2019). Insiders’ adaptations to security-based demands in the workplace: An examination of security behavioral complexity. Information Systems Frontiers. https://doi.org/10.1007/s10796-019-09951-9.
Burns, A., Roberts, T. L., Posey, C., Bennett, R. J., & Courtney, J. F. (2018). Intentions to comply versus intentions to protect: A vie theory approach to understanding the influence of insiders’ awareness of organizational seta efforts. Decision Sciences, 49(6), 1187–1228.
Butkovic, M. J., & Caralli, R. A. (2013). Advancing cybersecurity capability measurement using the CERT (registered trademark) - RMM maturity Indicator Lead scale (no, CMU/SEI-2013-TN-028. Pittsburgh, PA: Carnegie-Mellon University Software Engineering Institute.
Cannon-Bowers, J. A., & Bowers, C. (2011). Team development and functioning. In S. Zedeck (Ed.), (2011). APA handbook of industrial and organizational psychology, Vol 1: Building and developing the organization (pp. 597–650). Washington, DC, US: American Psychological Association.
Carson, K. P., Becker, J. S., & Henderson, J. A. (1998). Is utility really futile? A failure to replicate and an extension. Journal of Applied Psychology, 83(1), 84–96.
Chan, M., Woon, I., & Kankanhalli, A. (2005). Perceptions of information security in the workplace: Linking information security climate to compliant behavior. Journal of Information Privacy and Security, 1(3), 18–41.
Checklist Incident Priority. (n.d.). IT Process Maps. http://wiki.en.it-processmaps.com/index.php/Checklist_Incident_Priority
Chickowski, E. (2019, September 2). Every hour SOCs run, 15 minutes are wasted on false positives. https://securityboulevard.com/2019/09/every-hour-socs-run-15-minutes-are-wasted-on-false-positives/
Christian, M. S., Bradley, J. C., Wallace, J. C., & Burke, M. J. (2009). Workplace safety: A meta-analysis of the roles of person and situation factors. Journal of Applied Psychology, 94(5), 1103–1127.
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide: Recommendations of the National Institute of Standards and Technology. National Institute of Standards and Technology Special Publication 800-61 Revision 2. http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf
Cobb, S. (2018, May 21). Cybersecurity training still neglected by many employers. welivesecurity. https://www.welivesecurity.com/2018/05/21/cybersecurity-training-still-neglected/
Costa, D. L., Albrethsen, M. J., Collins, M. L., Perl, S. J., Silowash, G. J., & Spooner, D. L. (2016). An insider threat indicator ontology. https://resources.sei.cmu.edu/asset_files/TechnicalReport/2016_005_001_454627.pdf
Cox, J. (2012). Information systems user security: A structured model of the knowing–doing gap. Computers in Human Behavior, 28(5), 1849–1858.
Cram, W. A., D'Arcy, J., & Proudfoot, J. G. (2019). Seeing the forest and the trees: A meta-analysis of the antecedents to information security policy compliance. MIS Quarterly, 43(2), 525–554.
CriticalStart. (2019). The impact of security alert overload. https://www.criticalstart.com/wp-content/uploads/CS_MDR_Survey_Report.pdf
Crossler, R. E., Johnston, A. C., Lowry, P. B., Hu, Q., Warkentin, M., & Baskerville, R. (2013). Future directions for behavioral information security research. Computers & Security, 32, 90–101.
Cybersecurity glossary. (n.d.). Cybrary. https://www.cybrary.it/glossary
Dalal, R. S. (2005). A meta-analysis of the relationship between organizational citizenship behavior and counterproductive work behavior. Journal of Applied Psychology, 90(6), 1241–1255.
Dalal, R. S., Bolunmez, B., Tomassetti, A. J., & Sheng, Z. (2016). Escalation: An understudied team decision-making structure. In S. J. Zaccaro, R. S. Dalal, L. E. Tetrick, & J. A. Steinke (Eds.), Psychosocial dynamics of cyber security (pp. 104–121). New York, NY: Routledge.
Dalal, R. S., & Credé, M. (2013). Job satisfaction. In K. F. Geisinger (Ed.), American Psychological Association handbook of testing and assessment in psychology, Test theory and testing and assessment in industrial and organizational psychology (Vol. 1, pp. 675–691). Washington, D.C.: American Psychological Association.
Dalal, R. S., & Gorab, A. K. (2016). Insider threat in cyber security: What the organizational psychology literature on counterproductive work behavior can and cannot (yet) tell us. In S. J. Zaccaro, R. S. Dalal, L. E. Tetrick, & J. A. Steinke (Eds.), Psychosocial dynamics of cyber security (pp. 92–110). New York, NY: Routledge.
D'Arcy, J., Herath, T., & Shoss, M. K. (2014). Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), 285–318.
D'Arcy, J., Hovav, A., & Galletta, D. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach. Information Systems Research, 20(1), 79–98.
Darwish, A., El Zarka, A., & Aloul, F. (2012, December). Towards understanding phishing victims' profile. In 2012 International Conference on Computer Systems and Industrial Informatics (pp. 1-5). IEEE. https://www.researchgate.net/profile/Fadi_Aloul/publication/261384277_Towards_understanding_phishing_victims'_profile/links/0deec53a48323b308d000000.pdf
Davis, F. D. (1989). Perceived usefulness, perceived ease of use, and user acceptance of information technology. MIS Quarterly, 13(3), 319–340.
Defoe, I. N., Dubas, J. S., Figner, B., & Van Aken, M. A. (2015). A meta-analysis on age differences in risky decision making: Adolescents versus children and adults. Psychological Bulletin, 141(1), 48–84.
Dehoyos, M. (2019). Common problems and limitations of cyber security awareness training. CPO Magazine. https://www.cpomagazine.com/cyber-security/common-problems-and-limitations-of-cyber-security-awareness-training/
Deloitte. (2018). Positive technology: Designing work environments for digital well-being. https://www2.deloitte.com/us/en/insights/focus/behavioral-economics/negative-impact-technology-business.html#endnote-sup-2
Dennis, A. R., & Minas, R. K. (2018). Security on autopilot: Why current security theories hijack our thinking and lead us astray. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 49(SI), 15-38.
Diaz, A., Sherman, A. T., & Joshi, A. (2020). Phishing in an academic community: A study of user susceptibility and behavior. Cryptologia, 44(1), 53–67.
Dreibelbis, R. C., Martin, J., Coovert, M. D., & Dorsey, D. W. (2018). The looming cybersecurity crisis and what it means for the practice of industrial and organizational psychology. Industrial and Organizational Psychology, 11(2), 346–365.
Dreyfuss, E. (2018, August 17). A bot panic hits Amazon's Mechanical Turk. https://www.wired.com/story/amazon-mechanical-turk-bot-panic/
Dunnette, M. D. (1966). Fads, fashions, and folderol in psychology. American Psychologist, 21(4), 343–352.
Faklaris, C., Dabbish, L. A., & Hong, J. I. (2019). A self-report measure of end-user security attitudes (SA-6). In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019).
Festinger, L., & Carlsmith, J. M. (1959). Cognitive consequences of forced compliance. Journal of Abnormal and Social Psychology, 58(2), 203–210.
Fisher, D. (2015). Millennial generation as an insider threat: High risk or overhyped? Naval Postgraduate School, Monterey, CA: Unpublished Thesis.
Flores, W. R., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, 90–110.
Fortin, J. (2019, May). 16. The New York Times. http://: Chelsea Manning ordered back to jail for refusal to testify in WikiLeaks inquiry. https://www.nytimes.com/2019/05/16/us/chelsea-manning-jail.html.
Frankenfield, J. (2020, May). 8. Investopedia: Zero-day attack https://www.investopedia.com/terms/z/zero-day-attack.asp.
Ghadge, A., Weiβ, M., Caldwell, N. D., & Wilding, R. (2020). Managing cyber risk in supply chains: A review and research agenda. Supply Chain Management: An International Journal, 25(2), 223–240.
Gladstein, D., & Reilly, N. (1985). Group decision making under threat: The tycoon game. Academy of Management Journal, 28(3), 613–627.
Gonzalez-Mulé, E., Mount, M. K., & Oh, I. S. (2014). A meta-analysis of the relationship between general mental ability and nontask performance. Journal of Applied Psychology, 99(6), 1222–1243.
Gratian, M., Bandi, S., Cukier, M., Dykstra, J., & Ginther, A. (2018). Correlating human traits and cyber security behavior intentions. Computers & Security, 73, 345–358.
Greenberg, A. (2018, August 22). The untold story of NotPetya, the most devastating cyberattack in history. https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
Groves, P. M., & Thompson, R. F. (1970). Habituation: A dual-process theory. Psychological Review, 77(5), 419–450.
Hackman, R. J., & Oldham, G. (1976). Motivation through the design of work: Test of a theory. Organizational Behavior and Human Performance, 16(2), 250–279.
Hadlington, L. (2017). Human factors in cybersecurity: Examining the link between internet addiction, impulsivity, attitudes towards cybersecurity, and risky cybersecurity behaviours. Heliyon, 3(7), e00346.
Halevi, T., Lewis, J., & Memon, N. (2013). A pilot study of cyber security and privacy related behavior and personality traits, In Proceedings of the 22nd International Conference on World Wide Web (pp. 737–744). Rio de Janeiro: Brazil.
Harrison, D. A., Price, K. H., & Bell, M. P. (1998). Beyond relational demography: Time and the effects of surface- and deep-level diversity on work group cohesion. Academy of Management Journal, 41(1), 96–107.
Harrison, D. A, Price, K. H., Gavin, J. H., & Florey, A. T. (2002). Time, teams, and task performance: Changing effects of surface and deep-level diversity on group functioning. Academy of Management Journal, 45(5), 1029–1045.
Harsch, S. (2019, Nov.). 4. RSA: Operationalizing incident response https://www.rsa.com/en-us/blog/2019-11/operationalizing-incident-response.
Hathaway, M., & Klimburg, A. (2012). Preliminary considerations: On national cyber security. National Cyber Security Framework Manual. Tallinn: NATO Cooperative Cyber Defence Centre of Excellence.
Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: A framework for security policy compliance in organisations. European Journal of Information Systems, 18(2), 106–125.
Howard, D. J. (2018). Development of the cybersecurity attitudes scale and modeling cybersecurity behavior and its antecedents. [unpublished master’s thesis]. University of South Florida. https://scholarcommons.usf.edu/cgi/viewcontent.cgi?article=8503&context=etd
Huntley, S. (2020, April 22). Findings on COVID-19 and online security threats. https://blog.google/threat-analysis-group/findings-covid-19-and-online-security-threats/
Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-driven computer network defense informed by analysis of adversary campaigns and intrusion kill chains. In J. Ryan (Ed.), Leading issues in information warfare and security research (pp. 80–106). Reading, U.K.: Academic Publishing International.
Ifinedo, P. (2014). Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), 69–79.
Im, G. P., & Baskerville, R. L. (2005). A longitudinal study of information system threat categories: The enduring problem of human error. ACM SIGMIS Database: The DATABASE for Advances in Information Systems, 36(4), 68–79.
ISO/IEC. (2018) ISO/IEC 27000:2018(en). https://www.iso.org/obp/ui/#iso:std:iso-iec:27000:ed-5:v1:en
Jenkins, J. L., Anderson, B. B., Vance, A., Kirwan, C. B., & Eargle, D. (2016). More harm than good? How messages that interrupt can make us vulnerable. Information Systems Research, 27(4), 880–896.
Jensen, M. L., Dinger, M., Wright, R. T., & Thatcher, J. B. (2017). Training to mitigate phishing attacks using mindfulness techniques. Journal of Management Information Systems, 34(2), 597–626.
Johnson, A. M. (2005). The technology acceptance model and the decision to invest in information security. In Southern Association of Information Systems Conference (pp. 114-118).
Johnson, L. (2014). Computer incident response and forensics team management: Conducting a successful incident response. Waltham, MA: Syngress/Elsevier.
Jones, C. M., McCarthy, R. V., Halawi, L., & Mujtaba, B. (2010). Utilizing the technology acceptance model to assess the employee adoption of information systems security measures. Issues in Information Systems, 11(1), 9–16.
Judge, T. A., & Kammeyer-Mueller, J. D. (2012). Job attitudes. Annual Review of Psychology, 63, 341–367.
Judge, T. A., Thoresen, C. J., Bono, J. E., & Patton, G. K. (2001). The job satisfaction–job performance relationship: A qualitative and quantitative review. Psychological Bulletin, 127(3), 376–407.
Kahneman, D. (2011). Thinking, fast and slow. New York, NY: Farrar, Straus, and Giroux.
Kashdan, T. B., Disabato, D. J., Goodman, F. R., & McKnight, P. E. (2020). The five-dimensional curiosity scale revised (5DCR): Briefer subscales while separating overt and covert social curiosity. In press at Personality and Individual Differences.
Kessler, S. R., Pindek, S., Kleinman, G., Andel, S. A., & Spector, P. E. (2019). Information security climate and the assessment of information security risk among healthcare employees. Health Informatics Journal, 26(1), 461–473.
Khaitan, S. K., & McCalley, J. D. (2014). Design techniques and applications of cyberphysical systems: A survey. IEEE Systems Journal, 9(2), 350–365.
Killcrece, G., Kossakowski, K.-P., Ruefle, R., & Zajicek, M. (2003). State of the practice of computer security incident response teams (CSIRTs). Carnegie Mellon University Software Engineering Institute technical report https://resources.sei.cmu.edu/asset_files/TechnicalReport/2003_005_001_14204.pdf.
King, Z. M., Henshel, D. S., Flora, L., Cains, M. G., Hoffman, B., & Sample, C. (2018). Characterizing and measuring maliciousness for cybersecurity risk assessment. Frontiers in Psychology, 9, 39.
Klopfer, P. H., & Rubenstein, D. I. (1977). The concept privacy and its biological basis. Journal of Social Issues, 33(3), 52–65.
Knightley, P. (2010, Mar.). 12. Foreign Policy: The history of the honey trap https://foreignpolicy.com/2010/03/12/the-history-of-the-honey-trap/.
Krombholz, K., Hobel, H., Huber, M., & Weippl, E. (2015). Advanced social engineering attacks. Journal of Information Security and Applications, 22, 113–122.
Kumaraguru, P., Sheng, S., Acquisti, A., Cranor, L. F., & Hong, J. (2010). Teaching Johnny not to fall for phish. ACM Transactions on Internet Technology (TOIT), 10(2), 1–31.
Lawson, P. A., Crowson, A. D., & Mayhorn, C. B. (2018). Baiting the hook: Exploring the interaction of personality and persuasion tactics in email phishing attacks. In S. Bagnara, R. Tartaglia, S. Albolino, T. Alexander, & Y. Fujita (Eds.), Proceedings of the 20th congress of the international ergonomics association (IEA 2018): Vol. V, Human simulation and virtual environments, work with computing systems (WWCS), process control (pp. 401–406). Cham, Switzerland: Springer Nature Switzerland.
Lee, H., & Dalal, R. S. (2011). The effects of performance extremities on ratings of dynamic performance. Human Performance, 24(2), 99–118.
Leune, K., & Tesink, S. (2006). Designing and developing an application for incident response teams. In Forum for incident response and security teams (FIRST) conference. MD, USA.: Baltimore https://www.first.org/resources/papers/conference2006/leune-kees-papers.pdf.
Litman, J. A. (2008). Interest and deprivation factors of epistemic curiosity. Personality and Individual Differences, 44(7), 1585–1595.
Lorenz, T. (2020, April 7). ‘Zoombombing’: When video conferences go wrong. https://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html
Madon, M. (2018). Cybersecurity breakdown: Improving workplace awareness. Mimecast. https://www.mimecast.com/blog/2018/12/cybersecurity-breakdown-improving-workplace-awareness/
Martin, J., Dubé, C., & Coovert, M. D. (2018). Signal detection theory (SDT) is effective for modeling user behavior toward phishing and spear-phishing attacks. Human Factors, 60(8), 1179–1191.
Mata, R., Josef, A. K., Samanez-Larkin, G. R., & Hertwig, R. (2011). Age differences in risky choice: A meta-analysis. Annals of the New York Academy of Sciences, 1235(1), 18–29.
Mathieu, J. E., Gallagher, P. T., Domingo, M. A., & Klock, E. A. (2019). Embracing complexity: Reviewing the past decade of team effectiveness research. Annual Review of Organizational Psychology and Organizational Behavior, 6, 17–46.
Mathieu, J. E., Hollenbeck, J. R., van Knippenberg, D., & Ilgen, D. R. (2017). A century of work teams in the journal of applied psychology. Journal of Applied Psychology, 102(3), 452–467.
Mathieu, J. E., Marks, M. A., & Zaccaro, S. J. (2001). Multi-team systems. In N. Anderson, D. Ones, H. K. Sinangil, & C. Viswesvaran (Eds.), International handbook of work and organizational psychology (Vol. 2, pp. 289–313). London, U.K.: Sage Publications.
Maybury, M., Chase, P., Cheikes, B., Brackney, D., Matzner, S., Hetherington, T., Wood, B., Sibley, C., Marin, J., Longstaff, T., Spitzner, L., Haile, J., Copeland, J., & Lewandowski, S. (2005). Analysis and detection of malicious insiders. Bedford, MA: MITRE https://www.mitre.org/sites/default/files/pdf/05_0207.pdf.
Mayer, R. C., Davis, J. H., & Schoorman, F. D. (1995). An integrative model of organizational trust. Academy of Management Review, 20(3), 709–734.
Merez, A. (2019, January 19). Over 900,000 affected by Cebuana Lhuillier data breach. ABS-CBN News. https://news.abs-cbn.com/business/01/19/19/over-900000-affected-by-cebuana-lhuillier-data-breach
Meyer, R. D., Dalal, R. S., & Hermida, R. (2010). A review and synthesis of situational strength in the organizational sciences. Journal of Management, 36(1), 121–140.
Mitchell, R. K., Agle, B. R., & Wood, D. J. (1997). Toward a theory of stakeholder identification and salience: Defining the principle of who and what really counts. Academy of Management Review, 22(4), 853–886.
Mls, K., & Otčenášková, T. (2013). Analysis of complex decisional situations in companies with the support of AHP extension of Vroom-Yetton contingency model. IFAC Proceedings, 46(9), 549–554.
Moniz, J. (2018, Oct. 18). Is compliance compromising your information security culture? Carnegie Mellon University Software Engineering Institute https://insights.sei.cmu.edu/insider-threat/2018/10/is-compliance-compromising-your-information-security-culture.html.
Moore, A. P., Hanley, M., & Mundie, D. (2011, October). A pattern for increased monitoring for intellectual property theft by departing insiders. In Proceedings of the 18th Conference on Pattern Languages of Programs (pp. 1-10).
Morgeson, F. P., Mitchell, T. R., & Liu, D. (2015). Event system theory: An event-oriented approach to the organizational sciences. Academy of Management Review, 40(4), 515–537.
Mussel, P. (2013). Introducing the construct curiosity for predicting job performance. Journal of Organizational Behavior, 34(4), 453–472. https://doi.org/10.1002/job.1809.
Mussel, P., Spengler, M., Litman, J. A., & Schuler, H. (2012). Development and validation of the German work-related curiosity scale. European Journal of Psychological Assessment, 28(2), 109–116.
National Initiative for Cybersecurity Careers and Studies (NICCS). (2018). Explore terms: A glossary of common cybersecurity terminology. https://niccs.us-cert.gov/about-niccs/glossary
NCSC-NL (2015). CSIRT Maturity Kit: A step-by-step guide towards enhancing CSIRT Maturity. https://www.ncsc.nl/binaries/ncsc/documenten/publicaties/2019/mei/01/csirt-maturity-kit/CSIRT_MK_guide.pdf
Neal, A., & Griffin, M. A. (2004). Safety climate and safety at work. In J. Barling & M. R. Frone (Eds.), The psychology of workplace safety (pp. 15–34). Washington, D.C.: American Psychological Association.
Newhouse, W., Keith, S., Scribner, B., & Witte, G. (2017). National Initiative for Cybersecurity Education (NICE) cybersecurity workforce framework. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-181.pdf
Ng, T. W., & Feldman, D. C. (2008). The relationship of age to ten dimensions of job performance. Journal of Applied Psychology, 93(2), 392–423.
O’Brien, J. A., & Marakas, G. M. (2011). Management information systems (10th ed.). New York, NY: McGraw Hill/Irwin.
O’Sullivan, D. (2019, October 18). We asked a hacker to try and steal a CNN tech reporter's data. CNN: Here's what happened https://www.cnn.com/2019/10/18/tech/reporter-hack/index.html.
Oliveira, D., Rocha, H., Yang, H., Ellis, D., Dommaraju, S., Muradoglu, M., Weir, D., Soliman, A., Lin, T., & Ebner, N. (2017, May). Dissecting spear phishing emails for older vs young adults: On the interplay of weapons of influence and life domains in predicting susceptibility to phishing. In Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems (pp. 6412-6424). https://ebnerlab.psych.ufl.edu/files/p6412-oliveira.pdf
Patterson, W., Winston, C., & Fleming, L. (2016). Behavioral cybersecurity: Human factors in the cybersecurity curriculum. In D. Nicholson (Ed.), Advances in human factors in cybersecurity (pp. 253–266). Basel, Switzerland: Springer International Publishing.
Pfleeger, S. L., & Caputo, D. D. (2012). Leveraging behavioral science to mitigate cyber security risk. Computers & Security, 31(4), 597–611.
Pickens, J. (2005). Attitudes and perceptions. In N. Borkowski (Ed.), Organizational behavior in health care (pp. 43–76). Sudbury, MA: Jones and Bartlett.
Piètre-Cambacédès, L., & Bouissou, M. (2013). Cross-fertilization between safety and security engineering. Reliability Engineering & System Safety, 110, 110–126.
Platt, J. R. (1964). Strong inference. Science, 146(3642), 347–353.
Porter, K. (2019). 2019 data breaches: 4 billion records breached so far. Norton. https://us.norton.com/internetsecurity-emerging-threats-2019-data-breaches.html#:~:text=Mega%2Dbreaches%20grab%20headlines%2C%20but,a%20record%20pace%20in%202019.
Poser, M., & Bittner, E. A. C. (March, 2020). Hybrid teamwork: Consideration of teamwork concepts to reach naturalistic interaction between humans and conversational agents. In Presented at the 15th international conference on Wirtschaftsinformatik. Germany: Pottsdam https://bit.ly/3hphVw8.
Posey, C., & Canham, M. (2018). A computational social science approach to examine the duality between productivity and cybersecurity policy compliance within organizations. Paper presented at the 2018 International conference on social computing, Behavioral-Cultural Modeling & Prediction and Behavior Representation in Modeling and Simulation, Washington, D.C.
Posey, C., Raja, U., Crossler, R. E., & Burns, A. J. (2017). Taking stock of organisations’ protection of privacy: Categorising and assessing threats to personally identifiable information in the USA. European Journal of Information Systems, 26(6), 585–604.
Posey, C., Roberts, T. L., Lowry, P. B., & Hightower, R. T. (2014). Bridging the divide: A qualitative comparison of information security thought patterns between information security professionals and ordinary organizational insiders. Information & Management, 51(5), 551–567.
Posey, C., Roberts, T. L., Lowry, P. B., Bennett, R. J., & Courtney, J. F. (2013). Insiders' protection of organizational information assets: Development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors. MIS Quarterly, 37(4), 1189–1210.
Post, G. V., & Kagan, A. (2007). Evaluating information security tradeoffs: Restricting access can interfere with user tasks. Computers & Security, 26(3), 229–237.
Prensky, M. (2013). Digital natives, digital immigrants. In K. L. Blair, J. Almjeld, & R. M. Murphy (Eds.), Cross currents: Cultures, communities, technologies (pp. 45–51). Boston, MA: Wadsworth.
Pulakos, E. D., Schmitt, N., Dorsey, D. W., Arad, S., Borman, W. C., & Hedge, J. W. (2002). Predicting adaptive performance: Further tests of a model of adaptability. Human Performance, 15(4), 299–323.
Rahman, M., & Donahue, S. E. (2010). Convergence of corporate and information security. https://www.researchgate.net/profile/Syed_Rahman10/publication/41393182_Convergence_of_Corporate_and_Information_Security/links/0f31753a4b8a0014b9000000/Convergence-of-Corporate-and-Information-Security.pdf
Reason, J. (1990). Human error. Cambridge, U.K.: Cambridge University Press.
Reb, J., & Cropanzano, R. (2007). Evaluating dynamic performance: The influence of salient gestalt characteristics on performance ratings. Journal of Applied Psychology, 92(2), 490–499.
Richardson, G. E., Neiger, B., Jensen, S., & Kumpfer, K. (1990). The resiliency model. Health Education, 21(6), 33–39.
Robinson, S. L., & Bennett, R. J. (1995). A typology of deviant workplace behaviors: A multidimensional scaling study. Academy of Management Journal, 38(2), 555–572.
Robinson, S. L., & Bennett, R. J. (1997). Workplace deviance: Its definition, its manifestations, and its causes. In R. J. Lewicki, R. J. Bies, & B. H. Sheppard (Eds.), Research on negotiation in organizations (Vol. 6, pp. 3–27). Stanford, CT: JAI Press.
Rouse, M. (2016). Definition: CISO (chief information security officer). Techtarget. https://searchsecurity.techtarget.com/definition/CISO-chief-information-security-officer
Ruefle R., van Wyk K., & Tosic, L. (2013). New Zealand security incident management guide for computer security incident response teams (CSIRTs). https://www.ncsc.govt.nz/assets/NCSC-Documents/New-Zealand-Security-Incident-Management-Guide-for-Computer-Security-Incident-Response-Teams-CSIRTs.pdf
Ruefle, R. (2007). Defining computer security incident response teams. Cybersecurity and Infrastructure Security Agency. https://www.us-cert.gov/bsi/articles/best-practices/incident-management/defining-computer-security-incident-response-teams
Salas, E., Shuffler, M. L., Thayer, A. L., Bedwell, W. L., & Lazzara, E. H. (2014). Understanding and improving teamwork in organizations: A scientifically based practical guide. Human Resource Management, 54(4), 599–622.
Sapienza, M. L. (2019). Analysis of energy delivery sector malware attack response mechanisms [unpublished master’s thesis]. Massachusetts Institute of Technology.
Sasse, M. A., & Flechais, I. (2005). Usable security: Why do we need it? How do we get it? In L. F. Cranor & S. Garfinkel (Eds.), Security and usability: Designing secure systems that people can use (pp. 13–30). Sebastopol, CA: O’Reilly Media.
Schaefer, K. E., Chen, J. Y., Szalma, J. L., & Hancock, P. A. (2016). A meta-analysis of factors influencing the development of trust in automation: Implications for understanding autonomy in future systems. Human Factors, 58(3), 377–400.
Schneider, B., Salvaggio, A. N., & Subirats, M. (2002). Climate strength: A new direction for climate research. Journal of Applied Psychology, 87(2), 220–229.
Seeber, I., Bittner, E., Briggs, R. O., de Vreede, T., De Vreede, G.-J., Elkins, A., Maier, R., Merz, A. B., Oeste-Reiβ, S., Randrup, N., Schwabe, G., & Söllner, M. (2020). Machines as teammates: A research agenda on AI in team collaboration. In press at Information & Management.
Shanock, L. R., Baran, B. E., Gentry, W. A., Pattison, S. C., & Heggestad, E. D. (2010). Polynomial regression with response surface analysis: A powerful approach for examining moderation and overcoming limitations of difference scores. Journal of Business and Psychology, 25(4), 543–554.
Sheng, S., Holbrook, M., Kumaraguru, P., Cranor, L. F., & Downs, J. (2010, April). Who falls for phish? A demographic analysis of phishing susceptibility and effectiveness of interventions. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (pp. 373-382). http://lorrie.cranor.org/pubs/pap1162-sheng.pdf
Shipilov, A., & Gawer, A. (2020). Integrating research on interorganizational networks and ecosystems. Academy of Management Annals, 14(1), 92–121.
Silic, M., & Back, A. (2014). Shadow IT–A view from behind the curtain. Computers & Security, 45, 274–283.
Sindre, G. (2007, September). A look at misuse cases for safety concerns. In Working conference on method engineering (pp. 252–266). Boston, MA: Springer.
Skopik, F., Settanni, G., & Fiedler, R. (2016). A problem shared is a problem halved: A survey on the dimensions of collective cyber defense through security information sharing. Computers & Security, 60, 154–176.
Smith, G. F. (1989). Defining managerial problems: A framework for prescriptive theorizing. Management Science, 35(8), 963–981.
Software Engineering Institute (SEI). (2014). Software assurance for executives: Definitions. https://resources.sei.cmu.edu/asset_files/EducationalMaterial/2014_011_001_81821.pdf
Spector, P. E., Fox, S., Penney, L. M., Bruursema, K., Goh, A., & Kessler, S. (2006). The dimensionality of counterproductivity: Are all counterproductive behaviors created equal? Journal of Vocational Behavior, 68(3), 446–460.
Srinivas, J., Das, A. K., & Kumar, N. (2019). Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems, 92, 178–188.
Steinke, J., Bolunmez, B., Fletcher, L., Wang, V., Tomassetti, A. J., Repchik, K. M., Zaccaro, S. J., Dalal, R. S., & Tetrick, L. E. (2015). Improving cybersecurity incident response team effectiveness using teams-based research. IEEE Security & Privacy, 13(4), 20–29.
Stikvoort, D. (2010, September 1). SIM3: Security incident management maturity model. https://www.terena.org/activities/tf-csirt/publications/SIM3-v15.pdf
Stokes, D. E. (1997). Pasteur’s quadrant: Basic science and technological innovation. Washington, D.C.: Brookings Institution Press.
Stone-Romero, E. F., & Stone, D. L. (2007). Current perspectives on privacy in organizations. In S. W. Gilliland, D. D. Steiner, & D. P. Skarlicki (Eds.), Managing social and ethical issues in organizations (pp. 325–362). Greenwich, CT: Information Age.
Straub, D. W., & Welke, R. J. (1998). Coping with systems risk: Security planning models for management decision making. MIS Quarterly, 22(4), 441–469.
Symantec. (2019, February). ITSR internet security threat report. https://docs.broadcom.com/doc/istr-24-2019-en
Tetrick, L. E., Zaccaro, S. J., Dalal, R. S., Steinke, J. A., Repchick, K. M., Hargrove, A. K., Shore, D. B., Winslow, C. J., Chen, T. R., Green, J. P., Bolunmez, B., Tomassetti, A. J., McCausland, T. C., Fletcher, L., Sheng, Z., Schrader, S. W., Gorab, A. K., Niu, Q., & Wang, V. (2016). Improving social maturity of cybersecurity incident response teams. Fairfax, VA: George Mason University http://calctraining2015.weebly.com/the-handbook.html.
Tonidandel, S., King, E., & Cortina, J. (2018). Big data methods: Leveraging modern data analytic techniques to build organizational science. Organizational Research Methods, 21(3), 525–547.
van de Weijer, S. G., & Leukfeldt, E. R. (2017). Big five personality traits of cybercrime victims. Cyberpsychology, Behavior and Social Networking, 20(7), 407–412.
Vance, A., Jenkins, J. L., Anderson, B. B., Bjornn, D. K., & Kirwan, C. B. (2018). Tuning out security warnings: A longitudinal examination of habituation through FMRI, eye tracking, and field experiments. MIS Quarterly, 42(2), 355–380.
Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating IS security compliance: Insights from habit and protection motivation theory. Information & Management, 49(3–4), 190–198.
Venkatraman, S., Cheung, C., Lee, Z., Davis, F., & Venkatesh, V. (2018). The “Darth” side of technology use: An inductively derived typology of cyberdeviance. Journal of Management Information Systems, 35(4), 1060–1091.
Verizon. (2019). 2019 data breach investigations report. Verizon. https://enterprise.verizon.com/resources/reports/dbir/
Vincent, J. (2018, July 20). 1.5 million affected by hack targeting Singapore’s health data. The verge. https://www.theverge.com/2018/7/20/17594578/singapore-health-data-hack-sing-health-prime-minister-lee-targeted.
Vishwanath, A. (2016). Mobile device affordance: Explicating how smartphones influence the outcome of phishing attacks. Computers in Human Behavior, 63(10), 198–207.
Vishwanath, A., Herath, T., Chen, R., Wang, J., & Rao, H. R. (2011). Why do people get phished? Testing individual differences in phishing vulnerability within an integrated, information processing model. Decision Support Systems, 51(3), 576–586.
von Solms, R., & van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97–102.
Vroom, V. H., & Jago, A. G. (1988). The new leadership: Managing participation in organizations. Englewood Cliffs, NJ: Prentice Hall.
Vroom, V. H., & Yetton, P. W. (1973). Leadership and decision making. Pittsburgh, PA: University of Pittsburgh Press.
Wainer, J., Dabbish, L., & Kraut, R. (2011). Should I open this email? Inbox-level cues, curiosity and attention to email, Proceedings of the SIGCHI conference on human factors in computing systems (pp. 3439–3448). Canada: Vancouver.
Weick, K. E. (1987). Organizational culture as a source of high reliability. California Management Review, 29(2), 112–127.
Willison, R., & Warkentin, M. (2013). Beyond deterrence: An expanded view of employee computer abuse. MIS Quarterly, 37(1), 1–20.
Yin, R. K. (2017). Case study research: Design and methods (6th ed.). Thousand Oaks, CA: Sage.
Zaccaro, S. J., Fletcher, L. S., & DeChurch, L. A. (2017). Creativity and innovation in multiteam systems. In R. Reiter-Palmon (Ed.), Team creativity and innovation (pp. 225–255). New York, NY: Oxford University Press.
Zaccaro, S. J., Hargrove, A., Chen, T. R., Repchick, K., & McCausland, T. (2016). A comprehensive multilevel taxonomy of cybersecurity incident response performance. In S. J. Zaccaro, R. D. Dalal, L. E. Tetrick, & J. A. Steinke (Eds.), Psychosocial dynamics of cyber security. New York, NY: Routledge.
Zaccaro, S.J., Marks, M.A., & DeChurch, L.A. (2011). Multiteam systems: An organizational form for dynamic and complex environments. New York, NY: Routledge (Taylor & Francis).
Zaccaro, S. J., & Torres, E. M. (2020). Leader social acuity. In M. D. Mumford & C. A. Higgs (Eds.), Leader thinking skills: Capacities for contemporary leadership (pp. 307–339). New York, NY: Routledge.
Zaccaro, S. J., Weis, E., Chen, T. R., & Matthews, M. D. (2014). Situational load and personal attributes: Implications for adaptive readiness and training. In H. F. O'Neil, R. S. Perez, & E. L. Baker (Eds.), Teaching and measuring cognitive readiness (pp. 93–115). New York: Springer.
Zaccaro, S. J. Weis, E., Hilton, R., & Jeffries, J. (2011). Building resilient teams. In. P. Sweeney, M. Matthews, & P. Lester (Eds.), Leading in dangerous contexts (pp. 182-201). Annapolis, MD: Naval institute press.