AJ Burns

Associate Professor Louisiana State University

  • Baton Rouge LA

Dr. Burns’s research focuses on organizational cybersecurity and employee behavior.

Contact

Louisiana State University

View more experts managed by Louisiana State University

Areas of Expertise

Organizational Cybersecurity
Information Security
Cybersecurity
Behavioral Cybersecurity

Research Focus

Organizational Cybersecurity & Insider Behavior

Dr. Burns’s research focuses on organizational cybersecurity and employee behavior—risks to personally identifiable information, security overload in the workplace, and motives behind insider computer abuse. As cybersecurity faculty coordinator for LSU’s Ourso College of Business, he pairs organizational surveys, behavioral experiments, and incident analytics to craft secure work practices and embed cybersecurity strategy in business education.

Education

Louisiana Tech University

DBA

Business Administration

2013

Louisiana State University

MBA

2008

Louisiana State University

B.S.

2006

Media Appearances

LSU Prof offers tips for dealing with data breach

KATC 3 ABC  tv

2023-06-16

In light of this incident, E. J. Ourso College of Business Associate Professor AJ Burns, one of LSU’s cybersecurity experts, suggests the following tips to safeguard yourself from scammers and unauthorized access.

View More

LSU Business Student Earns Third Place in National Cyber Threat Competition

Louisiana State University  online

2025-03-06

"Working with talented and motivated students like Daniel is one of the most rewarding aspects of being a professor at LSU," said Burns. "He is among the first students to take our new cybersecurity courses in ISDS, and it is great to see all his hard work rewarded."

View More

Articles

Going beyond deterrence: A middle-range theory of motives and controls for insider computer abuse

Information Systems Research

2023

Despite widespread agreement among practitioners and academicians that organizational insiders are a significant threat to organizational information systems security, insider computer abuse (ICA)—unauthorized and deliberate misuse of organizational information resources by organizational insiders—remains a serious issue. Recent studies have shown that most employees are willing to share confidential or regulated information under certain circumstances, and nearly one-third to half of major security breaches are tied to insiders. These trends indicate that organizational security efforts, which generally focus on deterrence and sanctions, have yet to effectively address ICA. Therefore, leading security researchers and practitioners have called for a more nuanced understanding of insiders in respect to deterrence efforts.

View more

The Backstory of “An Adversarial Dance”

Journal of the Association for Information Systems

2023

In their editorial titled “A Practical Guide for Successful Revisions and Engagements with Reviewers,” Pang and Thatcher (2023) 1 provide guidelines for successfully steering a manuscript through the process of revision toward publication. To complement the excellent insights and practical tips offered by Pang and Thatcher, JAIS will publish a series of backstory editorials written by different JAIS author teams in which the author team describes the backstory behind their paper published in JAIS, explaining the revision trajectory their paper took and detailing the challenges they faced as well as the lessons they learned. This editorial is the first such backstory.

View more

An adversarial dance: Toward an understanding of insiders’ responses to organizational information security measures

Journal of the Association for Information Systems

2023

Despite the increased focus on organizational security policies and programs, some employees continue to engage in maladaptive responses to security measures (ie, behaviors other than those recommended, intended, or prescribed). To help shed light on insiders’ adaptive and maladaptive responses to IS security measures, we conducted a case study of an organization at the forefront of security policy initiatives. Drawing on the beliefs-actions-outcomes (BAO) model to analyze our case data, we uncover a potentially nonvirtuous cycle consisting of security-related beliefs, actions, and outcomes, which we refer to as an “adversarial dance.”

View more

Show All +

Affiliations

  • Journal of the Association for Information Systems : Associate Editor

Media