Journal of Management Information Systems

Volume 31 Number 4 2015 pp. 6-48

The Role of Self-Control in Information Security Violations: Insights from a Cognitive Neuroscience Perspective

Hu, Qing, West, Robert, and Smarandescu, Laura


Self-control has been identified as a major factor influencing individual behavior in the social science, neuroscience, criminology, and information security literatures. In this study, we first developed and validated a novel paradigm suitable for use with event-related potentials (ERPs) in scenario-based laboratory experiments of decision making in the context of information security. We then used this paradigm to examine the association between individual differences in self-control and ERPs elicited while individuals deliberated over violations of information security policies. Our results show that the left and right hemispheres of the brain were involved in decision making, and that the participants with low self-control had lower levels of neural recruitment in both hemispheres relative to those with high self-control. This was especially the case for regions in or near the dorsal lateral prefrontal cortex (DLPFC) and inferior frontal cortex (IFC). These results extend the findings in neuroscience literature related to the role of self-control in decision making in general, and validate a new paradigm for use with the electroencephalography/event-related potentials (EEG/ERP) technique to examine theoretical questions in information security and criminology research.

Key words and phrases: information security, neuroscience, self-control, policy compliance, neural correlates, electroencephalography (EEG), event-related potentials (ERPs), NeuroIS