full

full
Published on:

30th Sep 2021

Cyber Complacency with Dr. Tom Stafford

In this episode of Cyber Ways, Craig interviews co-host Dr. Tom Stafford about his 2021 paper, Platform-Dependent Computer Security Complacency: The Unrecognized Insider Threat, which was published in the IEEE Transactions on Engineering Management.


Dr. Stafford is the J.E. Barnes Eminent Scholar in Data Analytics at Louisiana Tech University. He holds doctorates in Marketing from the University of Georgia, and Management Information Systems from the University of Texas at Arlington. In addition to publishing dozens of articles in high-quality journals, he has served as Editor-in-Chief of the Decision Sciences Journal, and is currently co-Editor-in-Chief of The DATA BASE for Advances in Information Systems,  which is the oldest continuously-published journal in information systems. Dr. Stafford also co-chaired the 2018 Americas Conference on Information Systems, and the 2019 IFIP 8.11/11.13 Information Security Workshop. He is also co-chairing the 2025 International Conference in Information Systems. 


Tom’s paper discusses how many problematic security behaviors are the result of complacency or ignorance, rather than explicit malicious behavior. He also describes the concept of cyber-complacency, which he defines as an unconcerned dependence on technological security protections.


Abstract (direct copy from the paper)

This article reports on a grounded theory investigation of subject response anomalies that were encountered in the course of a neurocognitive laboratory study of computer user cybersecurity behaviors. Subsequent qualitative data collection led to theoretical development in specification of three broad constructs of computer user security complacency. Theoretical insights indicate that states of security complacency can arise in the form of a naïve lack of concern about the likelihood of facing security threats (inherent complacency), from ill-advised dependence upon specific computing platforms and protective workplace technology implementations for protection (platform complacency), as well as the reliance on the guidance on advice from trusted social others in personal and workplace networks (social complacency). Elements of an emergent theory of cybersecurity complacency arising from our interpretive insights are discussed.


Link to the paper: https://ieeexplore.ieee.org/document/9373614

The Cyber Ways podcast is brought to you by the Center for Information Assurance, at Louisiana Tech University’s College of Business. Cyber Ways is funded through a Just Business grant, made possible through the generosity of donors to the Louisiana Tech University College of Business.

Intro audio for the Cyber Ways Podcast

Outro audio for Cyber Ways Podcast

Cyber Ways is brought to you by the Center for Information Assurance, which is housed in the College of Business at Louisiana Tech University. The podcast is made possible through a "Just Business Grant," which is funded by the University's generous donors.

https://business.latech.edu/cyberways/

Next Episode All Episodes Previous Episode

Listen for free

Show artwork for Cyber Ways Podcast

About the Podcast

Cyber Ways Podcast
The Cyber Ways Podcast brings academic cyber security research into the "real world." We interview top academic researchers to find how their research can be put into practice by cyber security professionals. Our focus is on behavioral aspects of cyber security. Occasionally, we touch on related topics, such as information privacy and surveillance.Each episode discusses one published, peer-reviewed article to reveal the practical implications of the research. Your hosts, Tom Stafford and Craig Van Slyke, are both widely published information systems academics who keep one foot in the world of practice.The Cyber Ways Podcast is brought to you by the Center for Information Assurance at the Louisiana Tech University's College of Business. The Cyber Ways podcast is funded through a Just Business grant, made possible through the generosity of donors to the Louisiana Tech University College of Business.

About your host

Profile picture for Craig Van Slyke

Craig Van Slyke

Dr. Tom Stafford and Dr. Craig Van Slyke are both widely published information systems academics who keep one foot in the world of practice.

Stafford serves as editor-in-chief of The DATA BASE for Advances in Information Systems, the longest continually-published MIS journal, and has previously edited 13 special issues of notable journals including Communications of the ACM, IEEE Transactions, and MIS Quarterly. He co-chaired the 2018 Americas Conference for Information Systems and chaired 2019 Dewald Roode Workshop on Information Systems Security Research. He has been selected to serve as the chair for the 2025 International Conference for Information Systems, one of the most notable yearly research meetings in the field of business technology.

Van Slyke, former dean of the W.A. Franke College of Business at Northern Arizona University, has published over 40 articles in respected academic journals including Decision Sciences, Communications of the ACM, European Journal of Information Systems, and Journal of the Association for Information Systems. His fourth co-authored textbook, “Information Systems in Business: An Experiential Approach,” is in its fourth edition, and his first trade book, “On Leadership and Life: Essays on Leading and Living Well,” was published in 2017.