Fighting computer crime: a new framework for protecting information
Fighting computer crime: a new framework for protecting information
Issues and opinion on structural equation modeling
MIS Quarterly
Modeling IT ethics: a study in situational ethics
MIS Quarterly
Extending the technology acceptance model: the influence of perceived user resources
ACM SIGMIS Database - Special issue on adoption, diffusion, and infusion of IT
Information Security Architecture: An Integrated Approach to Security in the Organization
Information Security Architecture: An Integrated Approach to Security in the Organization
Internet Users' Information Privacy Concerns (IUIPC): The Construct, the Scale, and a Causal Model
Information Systems Research
Information Systems Research
Editor's comments: PLS: a silver bullet?
MIS Quarterly
An integrative study of information systems security effectiveness
International Journal of Information Management: The Journal for Information Professionals
Does deterrence work in reducing information security policy abuse by employees?
Communications of the ACM
Information and Management
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model
Journal of Management Information Systems
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory
Information and Management
The effects of multilevel sanctions on information security violations: A mediating model
Information and Management
Information and Management
Explaining investors' reaction to internet security breach using deterrence theory
International Journal of Electronic Finance
Privacy management in dynamic groups: understanding information privacy in medical practices
Proceedings of the 2013 conference on Computer supported cooperative work
IS Security Policy Violations: A Rational Choice Perspective
Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies
Journal of Organizational and End User Computing
Employees' adherence to information security policies: An exploratory field study
Information and Management
Information security strategies: towards an organizational multi-strategy perspective
Journal of Intelligent Manufacturing
Hi-index | 0.03 |
Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through the lens of deterrence theory. In this article, we show that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior. In doing so, we propose a theoretical model in which the effects of neutralization techniques are tested alongside those of sanctions described by deterrence theory. Our empirical results highlight neutralization as an important factor to take into account with regard to developing and implementing organizational security policies and practices.