NEUTRALIZATION: NEW INSIGHTS INTO THE PROBLEM OF EMPLOYEE INFORMATION SYSTEMS SECURITY POLICY VIOLATIONS
成果类型:
Article
署名作者:
Siponen, Mikko; Vance, Anthony
署名单位:
University of Oulu; Brigham Young University
刊物名称:
MIS QUARTERLY
ISSN/ISSBN:
0276-7783
发表日期:
2010
页码:
487-502
关键词:
ETHICAL DECISION-MAKING
rational choice
computer abuse
deterrence
MODEL
ENFORCEMENT
constructs
severity
theft
RISK
摘要:
Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through the lens of deterrence theory. In this article, we show that neutralization theory. a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior. In doing so, we propose a theoretical model in which the effects of neutralization techniques are tested alongside those of sanctions described by deterrence theory. Our empirical results highlight neutralization as an important factor to take into account with regard to developing and implementing organizational security policies and practices.