D. E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering SE, vol.13, pp.222-232, 1987.

B. M. Bowen, Designing Host and Network Sensors to Mitigate the Insider Threat, IEEE Security & Privacy Magazine, vol.7, issue.6, pp.22-29, 2009.
DOI : 10.1109/MSP.2009.109

M. Sein, Action design research, MIS Quarterly, vol.35, issue.1, pp.37-56, 2011.

W. J. Orlikowski and C. S. Iacono, Research commentary: Desperately seeking the " IT " in IT research?A call to theorizing the IT artifact. Information systems research, pp.121-134, 2001.

M. R. Jones and H. Karsten, Gidden's Structuration Theory and Information Systems Research, MIS Quarterly, vol.32, pp.127-157, 2008.

G. Dhillon and S. Moores, Computer crimes: theorizing about the enemy within, Computers & Security, vol.20, issue.8, pp.715-723, 2001.
DOI : 10.1016/S0167-4048(01)00813-6

M. E. Warkentin and R. Willison, Behavioral and policy issues in information systems security: the insider threat, European Journal of Information Systems, vol.15, issue.4, pp.101-105, 2009.
DOI : 10.1057/palgrave.ejis.3000592

D. M. Cappelli, Common Sense Guide to Prevention and Detection of Insider Threat, 2009.

A. Cummings, Insider Threat Study: Illicit Cyber Activity Involving Fraud in the U, S. Financial Services Sector

K. Brancik, Insider Computer Fraud: An In-depth Framework for Detecting and Defending against Insider IT Attacks, 2007.
DOI : 10.1201/9781420046601

P. H. Hartel, M. Junger, and R. J. , Wieringa Cyber-crime Science = Crime Science + Information Security, 2010.

L. Spitzner, Honeypots: catching the insider threat, 19th Annual Computer Security Applications Conference, 2003. Proceedings., pp.170-179, 2003.
DOI : 10.1109/CSAC.2003.1254322

M. Chagarlamudi, B. Panda, and Y. Hu, Insider Threat in Database Systems: Preventing Malicious Users' Activities in Databases, 2009 Sixth International Conference on Information Technology: New Generations, pp.1616-1620, 2009.
DOI : 10.1109/ITNG.2009.67

S. R. Boss, If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security, European Journal of Information Systems, vol.46, issue.2, pp.151-164, 2009.
DOI : 10.1287/mnsc.

B. Bulgurcu, H. Cavusoglu, and I. Benbasat, Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness, MIS Quarterly, vol.34, issue.3, pp.523-548, 2010.

D. 'arcy, J. , A. Hovav, and D. Galletta, User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach, Information Systems Research, vol.20, issue.1, pp.79-98, 2009.
DOI : 10.1287/isre.1070.0160

T. Herath and H. R. Rao, Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness. Decision Support Systems, pp.47-154, 2009.

K. H. Guo, Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model, Journal of Management Information Systems, vol.15, issue.4, pp.203-236, 2011.
DOI : 10.2753/MIS0742-1222280208

J. Reason, Achieving a safe culture: Theory and practice, Work & Stress, vol.29, issue.3, pp.293-306, 1998.
DOI : 10.1080/02678379808256868

J. T. Reason, The human contribution: unsafe acts, accidents and heroic recoveries, 2008.
DOI : 10.1201/9781315239125

F. L. Greitzer and D. A. Frincke, Combining Traditional Cyber-security Audit Data with Psychosocial Data: Towards Predictive Modeling for Insider Threat Mitigation Insider Threats in Cyber-security - Advances in Information Security, pp.85-113, 2010.

S. Hoyer, Fraud Prediction and the Human Factor: An Approach to Include Human Behavior in an Automated Fraud Audit, 2012 45th Hawaii International Conference on System Sciences, pp.2382-2391, 2012.
DOI : 10.1109/HICSS.2012.289

A. Vance, M. Siponen, and S. Pahnila, Motivating IS security compliance: insights from habit and protection motivation theory. Information & Management, pp.190-198, 2012.

T. Herath and H. R. Rao, Protection motivation and deterrence: a framework for security policy compliance in organisations, European Journal of Information Systems, vol.48, issue.8, pp.106-125, 2009.
DOI : 10.1145/1076211.1076238

S. Ramachandran, Variations in Information Security Cultures across Professions: A qualitative study. Communications of the Association for Information Systems, pp.163-204, 2013.

K. Hedström, Value conflicts for information security management, The Journal of Strategic Information Systems, vol.20, issue.4, pp.373-384, 2011.
DOI : 10.1016/j.jsis.2011.06.001

Y. A. Talib and G. Dhillon, Invited Paper: Employee Emancipation and Protection of Information, 5th Annual Symposium on Information Assurance (ASIA'10, 2010.

G. Dhillon and R. Chowdhuri, Organizational Transformation and Information Security Culture: A Telecom Case Study, ICT Systems Security and Privacy Protection, pp.431-437, 2014.
DOI : 10.1007/978-3-642-55415-5_36

URL : https://hal.archives-ouvertes.fr/hal-01370391

E. T. Hall, The silent language

K. Berezina, The impact of information security breach on hotel guest perception of service quality, satisfaction, revisit intentions and word-ofmouth, International Journal of Contemporary Hospitality Management, issue.7, pp.24-991, 2012.

H. Rosoff, J. Cui, and R. John, Behavioral Experiments Exploring Victims' Response to Cyber-based Financial Fraud and Identity Theft Scenario Simulations, Tenth Symposium on Usable Privacy and Security (SOUPS), pp.175-186, 2014.

P. Chen, G. Kataria, and R. Krishnan, Correlated Failures, Diversification, and Information Security Risk Management, pp.397-422, 2011.

P. Puhakainen and M. Siponen, Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study, pp.757-778, 2010.

L. J. Waguespack, D. J. Yates, and W. T. Schiano, Towards a Design Theory for Trustworthy Information Systems, 2014 47th Hawaii International Conference on System Sciences, pp.3707-3716, 2014.
DOI : 10.1109/HICSS.2014.461

M. Beer, M. C. Meier, B. Mosig, and F. Probst, A Prototype for Information-Dense IT Project Risk Reporting: An Action Design Research Approach, 2014 47th Hawaii International Conference on System Sciences, pp.3657-3666, 2014.
DOI : 10.1109/HICSS.2014.456

S. Gregor and A. R. Hevner, Positioning and Presenting Design Science Research for Maximum Impact, MIS Quarterly, vol.37, issue.2, pp.337-355, 2013.

A. Hevner, S. March, J. Park, R. , and S. , Design Science Research in Information Systems, MIS Quarterly, vol.28, issue.1, pp.75-105, 2004.
DOI : 10.1007/978-1-4419-5653-8_2

A. Lee and R. L. Baskerville, Generalizing Generalizability in Information Systems Research, Information Systems Research, vol.14, issue.3, pp.221-243, 2003.
DOI : 10.1287/isre.

M. L. Markus, . Power, M. Politics, and . Implementation, Power, politics, and MIS implementation, Communications of the ACM, vol.26, issue.6, pp.430-444, 1983.
DOI : 10.1145/358141.358148

O. Connor and C. , target-ceo-gregg- steinhafel-resigns-in-wake-of-data-breach-fallout/#25ca02fa6e61, Target CEO Gregg Steinhafel Resigns In Data Breach Fallout, Forbes, 2014.

Q. Hu, T. Dinev, P. Hart, and D. Cooke, Managing employee compliance with information security policies: the critical role of top management and organizational culture, Decision Sciences, pp.615-660, 2012.

D. 'arcy, J. Herath, T. Shoss, and M. K. , Understanding employee responses to stressful information security requirements: a coping perspective, Journal of Management Information Systems, issue.2, pp.31-285, 2014.

R. Ruefle, A. Dorofee, D. Mundie, A. D. Householder, M. Murray et al., Computer Security Incident Response Team Development and Evolution, IEEE Security & Privacy, vol.12, issue.5, pp.1216-1242, 2014.
DOI : 10.1109/MSP.2014.89

B. Plester, Execution of a Joke: Types and Functions of Humour, The Complexity of Workplace Humour: Laughter, Jokers and the Dark Side of Humour, pp.39-66, 2016.
DOI : 10.1007/978-3-319-24669-7_3