Kriittinen analyysi neutralisoimisteorian soveltamisesta tietojärjestelmätieteessä
Technology development, the internet and digitalization have changed all of our
lives during the last few decades. Information security is often seen as a purely
technology-driven issue. However, technology alone cannot provide the perfect
solution for securing and protecting critical information in an organization. Often
the biggest security trouble sits between the keyboard and the chair. This thesis
exams information security from an employees’ viewpoint. It focuses on noncompliance
with employee security policies and security breaches. The thesis explores
factors that affect an individual's security behavior and discusses the underlying
conditions that lead to an employee's security policy non-compliance
and security breaches. The main task of this thesis is to present the revised neutralization
theory in the security context and to examine how employees explain
their non-compliance with the security policy. The theory of neutralization, published
by Sykes and Matza in 1957 has given the theoretical basis for this thesis.
The theory has driven the development of the interviews and provided a baseline
for the analysis of research data. The central argument of the Neutralization Theory
is that man justifies his deviant behavior by means of neutralization techniques
and thus avoids feelings of guilt and shame. Previous researches have
suggested that the Neutralization Theory can explain intentions of information
security violations or breaches. However, the researches have not applied the
central assumptions of Neutralization Theory, and so it cannot be clear whether
it can explain security behavior. The theoretical contribution of this thesis is to
introduce new information from employees’ accounts and how they explain their
non-compliance with information security policies. Scott and Lyman's (1968) Accounts-
article has been applied in this thesis, which has been influenced by the
theory of neutralization. A practical contribution of this thesis is to look at what
everyday situations can be risky from the security perspective and provide solutions
that can be utilized in the security management. The result of this thesis
supports the claim that employees do not necessarily utilize the neutralization
techniques to justify their security breaches.
Keywords: neutralization theory, techniques of neutralization, information security,
information security policy, information security violation, social norms, social
control
...
Publisher
Jyväskylän yliopistoISBN
978-951-39-8174-7ISSN Search the Publication Forum
2489-9003Keywords
tietoturva organisaatiokäyttäytyminen sosiaalinen käyttäytyminen sosiaalinen kontrolli sosiaaliset normit tietoturvapolitiikka organisaatiot ohjeet työntekijät neutralisaatiotekniikat tietoturvakäyttäytyminen neutralization theory techniques of neutralization information security information security policy information security violation social norms social control
Metadata
Show full item recordCollections
- JYU Dissertations [852]
- Väitöskirjat [3580]
License
Related items
Showing items with similar title or keywords.
-
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ... -
Revisiting neutralization theory and its underlying assumptions to inspire future information security research
Soliman, Wael; Mohammadnazar, Hojat (Association for Information Systems, 2022)Over two decades ago, neutralization theory was introduced to information systems research from the field of criminology and is currently emerging as an influential foundation to both explain and solve the information ... -
Can Individuals’ Neutralization Techniques Be Overcome? : A Field Experiment on Password Policy
Siponen, Mikko; Puhakainen, Petri; Vance, Anthony (Elsevier Advanced Technology, 2020)Individuals’ lack of adherence to password security policy is a persistent problem for organizations. This problem is especially worrisome because passwords remain the primary authentication mechanism for information ... -
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Toward a stage theory of the development of employees' information security behavior
Karjalainen, Mari; Siponen, Mikko; Sarker, Suprateek (Elsevier, 2020)Existing behavioral information security research proposes continuum or non-stage models that focus on finding static determinants for information security behavior (ISB) that remains unchanged. Such models cannot explain ...