IS Security Policy Violations : A Rational Choice Perspective
Siponen, M.T., & Vance, A. (2012). IS Security Policy Violations: A Rational Choice Perspective.
Journal of Organizational and End User Computing
24, (1). doi.org/10.4018/joeuc.2012010102
Published in
Journal of Organizational and End User ComputingDate
2012Copyright
© 2012, IGI Global
Employee violations of IS security policies are reported as a key concern for organizations. Although behavioral research on IS security has received increasing attention from IS scholars, little empirical research has examined this problem. To address this research gap, the authors test a model based on Rational Choice Theory RCT-a prominent criminological theory not yet applied in IS-which explains, in terms of a utilitarian calculation, an individual's decision to commit a violation. Empirical results show that the effects of informal sanctions, moral beliefs, and perceived benefits convincingly explain employee IS security policy violations, while the effect of formal sanctions is insignificant. Based on these findings, the authors discuss several implications for research and practice.
Publisher
IGI GlobalISSN Search the Publication Forum
1546-2234Keywords
Metadata
Show full item recordCollections
License
Related items
Showing items with similar title or keywords.
-
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies
Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ... -
The moderating impact of organizational culture on information security compliance
Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Addis Ababa University Press, 2023)This research paper investigates the association between organizational culture and employees' compliance with information security policies. Drawing upon rational choice theory (RCT) and the competing values framework ... -
Toward a Unified Model of Information Security Policy Compliance
Moody, Gregory D.; Siponen, Mikko; Pahnila, Seppo (Management Information Systems Research Center, University of Minnesota, 2018)Information systems security (ISS) behavioral research has produced different models to explain security policy compliance. This paper (1) reviews 11 theories that have served the majority of previous information ...