Moral sensitivity in information security dilemmas
Mohammadnazar, H., Ghanbari, H., & Siponen, M. (2019). Moral sensitivity in information security dilemmas. In ECIS 2019 : Proceedings of the 27th European Conference on Information Systems, Stockholm & Uppsala, Sweden, June 8-14, 2019. Association for Information Systems. https://aisel.aisnet.org/ecis2019_rip/44
Date
2019Copyright
© The Authors, 2019.
Activities that undermine information security such as noncompliance with information security policies
raise moral concerns since they can expose valuable information assets. Existing research shows that
moral reflection could play an inhibitory role in one’s decision to undermine information security.
However, it is not clear whether users interpret such decisions from a moral standpoint to engage in
moral reflection in the first place. Users have to be morally sensitive before they engage in moral
reflection. Moral sensitivity involves perceiving a situation as morally relevant, identifying the parties
involved and perceiving possible courses of action. We examine moral sensitivity in security dilemmas
in a Finnish university setting. We develop audio records of conversations about two policy compliance
scenarios, each involving moral concerns. After playing back these audio records to participants, we
pose probing questions to examine their moral sensitivity. Our preliminary results indicate that users
may not be sensitive towards the moral concerns raised by security dilemmas. Based on our findings,
we suggest providing users with information regarding those affected by security decisions, IT
capabilities in an organization and the possible consequences of different courses of action in security
education programs rather than directives about morally right or wrong behavior.
...
Publisher
Association for Information SystemsParent publication ISBN
978-1-7336325-0-8Conference
European Conference on Information SystemsIs part of publication
ECIS 2019 : Proceedings of the 27th European Conference on Information Systems, Stockholm & Uppsala, Sweden, June 8-14, 2019Keywords
Original source
https://aisel.aisnet.org/ecis2019_rip/44Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/30875955
Metadata
Show full item recordCollections
License
Related items
Showing items with similar title or keywords.
-
Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies
Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ... -
The moderating impact of organizational culture on information security compliance
Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Addis Ababa University Press, 2023)This research paper investigates the association between organizational culture and employees' compliance with information security policies. Drawing upon rational choice theory (RCT) and the competing values framework ... -
Review of the methods for the development of information security policies at organizations
Wu, Shan (2016)This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of ...