Neutralization: new insights into the problem of employee systems security policy violations

Authors:
Mikko Siponen;Anthony Vance
Affiliations:
Information Systems Security Research Centre, Department of Information Processing Science, University of Oulu, Linnanmaa, Oulu, Finland;Information Systems Department, Marriott School of Management,,Brigham Young University, Provo, Utah
Venue:
MIS Quarterly
Year:
2010

Citing 19
Cited 18

Discovering and disciplining computer abuse in organizations: a field study

MIS Quarterly
The effect of codes of ethics and personal denial of responsibility on computer abuse judgements and intentions

MIS Quarterly
Fighting computer crime: a new framework for protecting information

Fighting computer crime: a new framework for protecting information
Issues and opinion on structural equation modeling

MIS Quarterly
Modeling IT ethics: a study in situational ethics

MIS Quarterly
Coping with systems risk: security planning models for management decision making

MIS Quarterly
Extending the technology acceptance model: the influence of perceived user resources

ACM SIGMIS Database - Special issue on adoption, diffusion, and infusion of IT
Information Security Architecture: An Integrated Approach to Security in the Organization

Information Security Architecture: An Integrated Approach to Security in the Organization
Knowledge Worker Communications and Recipient Availability: Toward a Task Closure Explanation of Media Choice

Organization Science
A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/Adoption Study

Information Systems Research
Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model

Information Systems Research
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Information Systems Research
Validation in information systems research: a state-of-the-art assessment

MIS Quarterly
Ethical decision making in software piracy: initial development and test of a four-component model

MIS Quarterly
Editor's comments: PLS: a silver bullet?

MIS Quarterly
Review: a review of culture in information systems research: toward a theory of information technology culture conflict

MIS Quarterly
Specifying formative constructs in information systems research

MIS Quarterly
The relative advantage of electronic channels: a multidimensional view

MIS Quarterly
An integrative study of information systems security effectiveness

International Journal of Information Management: The Journal for Information Professionals

Does deterrence work in reducing information security policy abuse by employees?

Communications of the ACM
IS EDUCATION: Insights for computing education from information systems research

ACM Inroads
Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness

MIS Quarterly
Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions

MIS Quarterly
Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies

Information and Management
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model

Journal of Management Information Systems
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory

Information and Management
The effects of multilevel sanctions on information security violations: A mediating model

Information and Management
New insights into the problem of software piracy: The effects of neutralization, shame, and moral beliefs

Information and Management
Explaining investors' reaction to internet security breach using deterrence theory

International Journal of Electronic Finance
Privacy management in dynamic groups: understanding information privacy in medical practices

Proceedings of the 2013 conference on Computer supported cooperative work
IS Security Policy Violations: A Rational Choice Perspective

Journal of Organizational and End User Computing
Beyond deterrence: an expanded view of employee computer abuse

MIS Quarterly
A Composite Framework for Behavioral Compliance with Information Security Policies

Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies

Journal of Organizational and End User Computing
Employees' adherence to information security policies: An exploratory field study

Information and Management
Information security strategies: towards an organizational multi-strategy perspective

Journal of Intelligent Manufacturing
Insiders' protection of organizational information assets: development of a systematics-based taxonomy and theory of diversity for protection-motivated behaviors

MIS Quarterly

Quantified Score

Hi-index	0.03

Visualization

Abstract

Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through the lens of deterrence theory. In this article, we show that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior. In doing so, we propose a theoretical model in which the effects of neutralization techniques are tested alongside those of sanctions described by deterrence theory. Our empirical results highlight neutralization as an important factor to take into account with regard to developing and implementing organizational security policies and practices.