IS Security Policy Violations: A Rational Choice Perspective

Authors:
Mikko T. Siponen;Anthony Vance
Affiliations:
University of Oulu, Finland;Brigham Young University, USA
Venue:
Journal of Organizational and End User Computing
Year:
2012

Citing 19
Cited 2

The effect of codes of ethics and personal denial of responsibility on computer abuse judgements and intentions

MIS Quarterly
Issues and opinion on structural equation modeling

MIS Quarterly
Modeling IT ethics: a study in situational ethics

MIS Quarterly
Extending the technology acceptance model: the influence of perceived user resources

ACM SIGMIS Database - Special issue on adoption, diffusion, and infusion of IT
A Practical Approach to Information Security Awareness in the Organization

SEC '02 Proceedings of the IFIP TC11 17th International Conference on Information Security: Visions and Perspectives
A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic-Mail Emotion/Adoption Study

Information Systems Research
Why there aren't more information security research studies

Information and Management
An integrative model of computer abuse based on social control and general deterrence theories

Information and Management
Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research

Management Science
Studying users' computer security behavior: A health belief perspective

Decision Support Systems
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness

Decision Support Systems
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach

Information Systems Research
Human Relationships: A Never-Ending Security Education Challenge?

IEEE Security and Privacy
Compliance with Information Security Policies: An Empirical Investigation

Computer
Policies and procedures to manage employee Internet abuse

Computers in Human Behavior
Validation in information systems research: a state-of-the-art assessment

MIS Quarterly
Understanding and mitigating uncertainty in online exchange relationships: a principal- agent perspective

MIS Quarterly
Neutralization: new insights into the problem of employee systems security policy violations

MIS Quarterly
Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness

MIS Quarterly

New insights into the problem of software piracy: The effects of neutralization, shame, and moral beliefs

Information and Management
End User Security Training for Identification and Access Management

Journal of Organizational and End User Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Employee violations of IS security policies are reported as a key concern for organizations. Although behavioral research on IS security has received increasing attention from IS scholars, little empirical research has examined this problem. To address this research gap, the authors test a model based on Rational Choice Theory RCT-a prominent criminological theory not yet applied in IS-which explains, in terms of a utilitarian calculation, an individual's decision to commit a violation. Empirical results show that the effects of informal sanctions, moral beliefs, and perceived benefits convincingly explain employee IS security policy violations, while the effect of formal sanctions is insignificant. Based on these findings, the authors discuss several implications for research and practice.