Moral sensitivity in information security dilemmas
Mohammadnazar, H., Ghanbari, H., & Siponen, M. (2019). Moral sensitivity in information security dilemmas. In ECIS 2019 : Proceedings of the 27th European Conference on Information Systems, Stockholm & Uppsala, Sweden, June 8-14, 2019. Association for Information Systems. https://aisel.aisnet.org/ecis2019_rip/44
© The Authors, 2019.
Activities that undermine information security such as noncompliance with information security policies raise moral concerns since they can expose valuable information assets. Existing research shows that moral reflection could play an inhibitory role in one’s decision to undermine information security. However, it is not clear whether users interpret such decisions from a moral standpoint to engage in moral reflection in the first place. Users have to be morally sensitive before they engage in moral reflection. Moral sensitivity involves perceiving a situation as morally relevant, identifying the parties involved and perceiving possible courses of action. We examine moral sensitivity in security dilemmas in a Finnish university setting. We develop audio records of conversations about two policy compliance scenarios, each involving moral concerns. After playing back these audio records to participants, we pose probing questions to examine their moral sensitivity. Our preliminary results indicate that users may not be sensitive towards the moral concerns raised by security dilemmas. Based on our findings, we suggest providing users with information regarding those affected by security decisions, IT capabilities in an organization and the possible consequences of different courses of action in security education programs rather than directives about morally right or wrong behavior. ...
PublisherAssociation for Information Systems
Parent publication ISBN978-1-7336325-0-8
ConferenceEuropean Conference on Information Systems
Is part of publicationECIS 2019 : Proceedings of the 27th European Conference on Information Systems, Stockholm & Uppsala, Sweden, June 8-14, 2019
Publication in research information system
MetadataShow full item record
Showing items with similar title or keywords.
Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ...
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ...
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ...
Review of the methods for the development of information security policies at organizations Wu, Shan (2016)This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of ...
Toward a stage theory of the development of employees' information security behavior Karjalainen, Mari; Siponen, Mikko; Sarker, Suprateek (Elsevier, 2020)Existing behavioral information security research proposes continuum or non-stage models that focus on finding static determinants for information security behavior (ISB) that remains unchanged. Such models cannot explain ...