Toward a Theory of Information Systems Security Behaviors of Organizational Employees: A Dialectical Process Perspective
成果类型:
Article
署名作者:
Karjalainen, Mari; Sarker, Suprateek; Siponen, Mikko
署名单位:
University of Oulu; University of Virginia; University of Jyvaskyla
刊物名称:
INFORMATION SYSTEMS RESEARCH
ISSN/ISSBN:
1047-7047
DOI:
10.1287/isre.2018.0827
发表日期:
2019
页码:
687-704
关键词:
grounded theory method
fear appeals
MODEL
POLICY
TECHNOLOGY
TENSIONS
insights
Managers
context
CONTRADICTIONS
摘要:
The various guidelines, procedures, and policies referred to as information systems security procedures (ISSPs) underlie information systems security behaviors (ISSBs) of many employees in organizations. Understanding the reasons for ISSBs-that is, why employees do or do not comply with ISSPs-is an imperative in today's organizations, given that information is a valuable asset. In our study, we observed that employees' reasons for engaging in ISSBs, such as selecting a password, locking a computer, and using a USB memory device, changed over time. Noting that the dynamic nature of ISSBs has not yet received sufficient consideration in information systems security (ISS) research, we use a predominantly inductive approach to develop a theoretical understanding of the ISSB change process, sensitized by ideas from dialectics. Our dialectical process view suggests that explanations for engaging in different ISSBs am not static but change over time as individuals seek to deal with, or balance, tensions or contradictory demands. Furthermore, our view suggests that change triggers (e.g., new experiences and external events) initiate a process of reevaluating tensions that can, in turn, lead to changes in ISSBs. A number of implications for future research and practice emerge from this dialectical understanding of the ISSB change process.
来源URL: