The organization man and the innovator: Theoretical archetypes to inform behavioral information security research

Document Type


Publication Date



College of Business; Center for Cybersecurity


Behavioral information security research exhibits a preoccupation with security policy, bureaucratic control, and policy compliance and noncompliance. This preoccupation implicitly treats employees as the sociological archetype described by Whyte (1956), the Organization Man. In doing so, the literature has dedicated less time to the study of other archetypes. In this paper, we compare the Organization Man to the Innovator, an amalgam of the Bricoleur and Engineer archetypes identified by Levi-Strauss (1966). We posit that the Innovator archetype may be more prevalent during times of organizational strain and excess. We develop a theoretical framework to explain how situational factors, namely organizational strain and excess, affect individuals' risk perceptions and their willingness to adopt different archetypal personae (i.e., dispositional factors). The framework further suggests that each archetypal persona will behave differently to common security situations. Finally, the framework suggests that the organization's perceptions of employee behavior will provide a feedback loop that further affects the adoption of different archetypes.

Publication Title

ACM SIGMIS Database: the DATABASE for Advances in Information Systems