
AJ Burns
Associate Professor Louisiana State University
- Baton Rouge LA
Dr. Burns’s research focuses on organizational cybersecurity and employee behavior.
Areas of Expertise
Research Focus
Organizational Cybersecurity & Insider Behavior
Dr. Burns’s research focuses on organizational cybersecurity and employee behavior—risks to personally identifiable information, security overload in the workplace, and motives behind insider computer abuse. As cybersecurity faculty coordinator for LSU’s Ourso College of Business, he pairs organizational surveys, behavioral experiments, and incident analytics to craft secure work practices and embed cybersecurity strategy in business education.
Education
Louisiana Tech University
DBA
Business Administration
2013
Louisiana State University
MBA
2008
Louisiana State University
B.S.
2006
Media Appearances
LSU Prof offers tips for dealing with data breach
KATC 3 ABC tv
2023-06-16
In light of this incident, E. J. Ourso College of Business Associate Professor AJ Burns, one of LSU’s cybersecurity experts, suggests the following tips to safeguard yourself from scammers and unauthorized access.
LSU Business Student Earns Third Place in National Cyber Threat Competition
Louisiana State University online
2025-03-06
"Working with talented and motivated students like Daniel is one of the most rewarding aspects of being a professor at LSU," said Burns. "He is among the first students to take our new cybersecurity courses in ISDS, and it is great to see all his hard work rewarded."
Articles
Going beyond deterrence: A middle-range theory of motives and controls for insider computer abuse
Information Systems Research2023
Despite widespread agreement among practitioners and academicians that organizational insiders are a significant threat to organizational information systems security, insider computer abuse (ICA)—unauthorized and deliberate misuse of organizational information resources by organizational insiders—remains a serious issue. Recent studies have shown that most employees are willing to share confidential or regulated information under certain circumstances, and nearly one-third to half of major security breaches are tied to insiders. These trends indicate that organizational security efforts, which generally focus on deterrence and sanctions, have yet to effectively address ICA. Therefore, leading security researchers and practitioners have called for a more nuanced understanding of insiders in respect to deterrence efforts.
The Backstory of “An Adversarial Dance”
Journal of the Association for Information Systems2023
In their editorial titled “A Practical Guide for Successful Revisions and Engagements with Reviewers,” Pang and Thatcher (2023) 1 provide guidelines for successfully steering a manuscript through the process of revision toward publication. To complement the excellent insights and practical tips offered by Pang and Thatcher, JAIS will publish a series of backstory editorials written by different JAIS author teams in which the author team describes the backstory behind their paper published in JAIS, explaining the revision trajectory their paper took and detailing the challenges they faced as well as the lessons they learned. This editorial is the first such backstory.
An adversarial dance: Toward an understanding of insiders’ responses to organizational information security measures
Journal of the Association for Information Systems2023
Despite the increased focus on organizational security policies and programs, some employees continue to engage in maladaptive responses to security measures (ie, behaviors other than those recommended, intended, or prescribed). To help shed light on insiders’ adaptive and maladaptive responses to IS security measures, we conducted a case study of an organization at the forefront of security policy initiatives. Drawing on the beliefs-actions-outcomes (BAO) model to analyze our case data, we uncover a potentially nonvirtuous cycle consisting of security-related beliefs, actions, and outcomes, which we refer to as an “adversarial dance.”
Insiders’ adaptations to security-based demands in the workplace: An examination of security behavioral complexity
Information Systems Frontiers2021
The protection of organizational information and information systems (IS) is a socio-technical issue and requires insiders take on a more proactive set of security roles. Accordingly, we contend that insiders’ abilities to enact these diverse information security roles can be explained by behavioral complexity theory. Adapted to the security context, behavioral complexity theory stipulates that insider’s ability to take appropriate precautions against organizational security threats is explained by their (1) repertoire of security roles and associated behaviors (i.e., security behavioral repertoire) and their (2) ability to switch from role to role (i.e., security behavioral differentiation). However, beyond behavioral complexity, protecting against complex security-related threats in the workplace requires significant psychological resources of insiders.
The adaptive roles of positive and negative emotions in organizational insiders’ security-based precaution taking
Information Systems Research2019
Protecting organizational information is a top priority for most firms. This reality, coupled with the fact that organizational insiders control much of their organizations’ valuable information, has led both researchers and practitioners to acknowledge the importance of insiders’ behavior for information security. Until recently, researchers have employed only a few theories to understand these influences, and this has generated calls for a broadened theoretical repertoire. Given this opportunity, we incorporate the previously developed framework of emotions and add the broaden-and-build theory (BBT) to understand the influence of discrete positive and negative emotions on insiders’ precaution-taking activities.
Affiliations
- Journal of the Association for Information Systems : Associate Editor