Author List: Siponen, Mikko; Vance, Anthony
MIS Quarterly, 2010, Volume 34, Issue 3, Page 487-A12.
Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through the lens of deterrence theory. In this article, we show that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior. In doing so, we propose a theoretical model in which the effects of neutralization techniques are tested alongside those of sanctions described by deterrence theory. Our empirical results highlight neutralization as an important factor to take into account with regard to developing and implementing organizational security policies and practices.
Keywords: deterrence theory; IS security policies; IS security; compliance; neutralization theory

List of Topics

#186 0.463 security information compliance policy organizations breach disclosure policies deterrence breaches incidents results study abuse managed isp violations based comply protection
#110 0.169 theory theories theoretical paper new understanding work practical explain empirical contribution phenomenon literature second implications different building based insights need
#108 0.135 model research data results study using theoretical influence findings theory support implications test collected tested based empirical empirically context paper
#159 0.127 systems information objectives organization organizational development variety needs need efforts technical organizations developing suggest given effective designing lack help recent