New Insights into the Justifiability of Organizational Information Security Policy Noncompliance : A Case Study
Soliman, W., & Mohammadnazar, H. (2022). New Insights into the Justifiability of Organizational Information Security Policy Noncompliance : A Case Study. In Proceedings of the 55th Hawaii International Conference on System Sciences (HICSS 2022) (pp. 6812-6821). University of Hawai'i at Manoa. Proceedings of the Annual Hawaii International Conference on System Sciences. https://doi.org/10.24251/HICSS.2022.823
Julkaistu sarjassa
Proceedings of the Annual Hawaii International Conference on System SciencesPäivämäärä
2022Oppiaine
Empirical Cyber Security and Software EngineeringTietojärjestelmätiedeEmpirical Cyber Security and Software EngineeringInformation Systems ScienceTekijänoikeudet
© Authors, 2022
2022:88 | 2023:119 | 2024:85 | 2025:4
Information security policies as apparatus for communicating security principles with employees are the cornerstone of organizational information security. Resultantly, extant literature has looked at different theories to better understand the noncompliance problem. Neutralization theory is emerging as one of the most popular approaches, not only as an explanation but also as a solution. In this in-depth qualitative study, we ask the question ‘how do employees justify violating the ISP’? Our findings reveal nine rationalizing techniques, three of which have not been recognized in previous research. We label them ‘I follow my own rules’, ‘matter of mere legality’ and ‘defense of uniqueness’. But more importantly, our in-depth insights point to the danger of taking these rationalizations out of context, since without context, it becomes impossible to judge whether the behavior or the rule, needs correcting, reflecting a dilemma recognized in the original writing of neutralization theory, which has since been forgotten.
...
Julkaisija
University of Hawai'i at ManoaEmojulkaisun ISBN
978-0-9981331-5-7Konferenssi
Hawaii International Conference on System SciencesKuuluu julkaisuun
Proceedings of the 55th Hawaii International Conference on System Sciences (HICSS 2022)ISSN Hae Julkaisufoorumista
1530-1605Asiasanat
Alkuperäislähde
http://hdl.handle.net/10125/80163Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/103895825
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies
Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Tietoturvakulttuurin rakentuminen Finavian viestinnässä
Seppänen, Teemu (2021)Tutkielman tavoitteena on kuvata ja ymmärtää tietoturvaviestinnän yhteyttä organisaation tietoturvakulttuurin rakentumiseen. Tietoturva on organisaatioille kasvava prioriteetti ja työntekijöiden rooli tietoturvan toteutumisessa ... -
Organisational GDPR Investments and Impacts
Hirvonen, Pauliina (Academic Conferences International, 2023)The aim of this empirical multi-case study is to understand the GDPR investments and impacts of the organisations. Among these, the measuring experiences related to GDPR and information security (Isec), and the future ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.