New Insights into the Justifiability of Organizational Information Security Policy Noncompliance : A Case Study

Soliman, Wael; Mohammadnazar, Hojat

doi:10.24251/HICSS.2022.823

dc.contributor.author	Soliman, Wael
dc.contributor.author	Mohammadnazar, Hojat
dc.date.accessioned	2022-01-18T07:16:25Z
dc.date.available	2022-01-18T07:16:25Z
dc.date.issued	2022
dc.identifier.citation	Soliman, W., & Mohammadnazar, H. (2022). New Insights into the Justifiability of Organizational Information Security Policy Noncompliance : A Case Study. In <i>Proceedings of the 55th Hawaii International Conference on System Sciences (HICSS 2022)</i> (pp. 6812-6821). University of Hawai'i at Manoa. Proceedings of the Annual Hawaii International Conference on System Sciences. <a href="https://doi.org/10.24251/HICSS.2022.823" target="_blank">https://doi.org/10.24251/HICSS.2022.823</a>
dc.identifier.other	CONVID_103895825
dc.identifier.uri	https://jyx.jyu.fi/handle/123456789/79384
dc.description.abstract	Information security policies as apparatus for communicating security principles with employees are the cornerstone of organizational information security. Resultantly, extant literature has looked at different theories to better understand the noncompliance problem. Neutralization theory is emerging as one of the most popular approaches, not only as an explanation but also as a solution. In this in-depth qualitative study, we ask the question ‘how do employees justify violating the ISP’? Our findings reveal nine rationalizing techniques, three of which have not been recognized in previous research. We label them ‘I follow my own rules’, ‘matter of mere legality’ and ‘defense of uniqueness’. But more importantly, our in-depth insights point to the danger of taking these rationalizations out of context, since without context, it becomes impossible to judge whether the behavior or the rule, needs correcting, reflecting a dilemma recognized in the original writing of neutralization theory, which has since been forgotten.	en
dc.format.mimetype	application/pdf
dc.language.iso	eng
dc.publisher	University of Hawai'i at Manoa
dc.relation.ispartof	Proceedings of the 55th Hawaii International Conference on System Sciences (HICSS 2022)
dc.relation.ispartofseries	Proceedings of the Annual Hawaii International Conference on System Sciences
dc.relation.uri	http://hdl.handle.net/10125/80163
dc.rights	CC BY-NC-ND 4.0
dc.title	New Insights into the Justifiability of Organizational Information Security Policy Noncompliance : A Case Study
dc.type	conferenceObject
dc.identifier.urn	URN:NBN:fi:jyu-202201181153
dc.contributor.laitos	Informaatioteknologian tiedekunta	fi
dc.contributor.laitos	Faculty of Information Technology	en
dc.contributor.oppiaine	Empirical Cyber Security and Software Engineering	fi
dc.contributor.oppiaine	Tietojärjestelmätiede	fi
dc.contributor.oppiaine	Empirical Cyber Security and Software Engineering	en
dc.contributor.oppiaine	Information Systems Science	en
dc.type.uri	http://purl.org/eprint/type/ConferencePaper
dc.relation.isbn	978-0-9981331-5-7
dc.type.coar	http://purl.org/coar/resource_type/c_5794
dc.description.reviewstatus	peerReviewed
dc.format.pagerange	6812-6821
dc.relation.issn	1530-1605
dc.type.version	publishedVersion
dc.rights.copyright	© Authors, 2022
dc.rights.accesslevel	openAccess	fi
dc.relation.conference	Hawaii International Conference on System Sciences
dc.subject.yso	tietosuoja
dc.subject.yso	tietoturva
dc.subject.yso	organisaatiot
dc.subject.yso	työntekijät
dc.subject.yso	asenteet
dc.format.content	fulltext
jyx.subject.uri	http://www.yso.fi/onto/yso/p3636
jyx.subject.uri	http://www.yso.fi/onto/yso/p5479
jyx.subject.uri	http://www.yso.fi/onto/yso/p272
jyx.subject.uri	http://www.yso.fi/onto/yso/p1075
jyx.subject.uri	http://www.yso.fi/onto/yso/p5619
dc.rights.url	https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.relation.doi	10.24251/HICSS.2022.823
dc.type.okm	A4

Aineistoon kuuluvat tiedostot

Nimi:: Soliman_Mohammadnazar_HICSS2022.pdf
Koko:: 345.3Kb
Tiedostomuoto:: PDF
Kuvaus:: Publisher's PDF

Katso/Avaa

Aineisto kuuluu seuraaviin kokoelmiin

Informaatioteknologian tiedekunta [2136]

Näytä suppeat kuvailutiedot

Ellei muuten mainita, aineiston lisenssi on CC BY-NC-ND 4.0

New Insights into the Justifiability of Organizational Information Security Policy Noncompliance : A Case Study

Aineistoon kuuluvat tiedostot

Aineisto kuuluu seuraaviin kokoelmiin

Samankaltainen aineisto

Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia ﻿

Tietoturvakulttuurin rakentuminen Finavian viestinnässä ﻿

Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies ﻿

Organisational GDPR Investments and Impacts ﻿

Euroopan unionin yleisen tietosuoja-asetuksen aiheuttamat muutokset organisaatioiden tietoturvapolitiikkoihin ﻿

Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia

Tietoturvakulttuurin rakentuminen Finavian viestinnässä

Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies

Organisational GDPR Investments and Impacts

Euroopan unionin yleisen tietosuoja-asetuksen aiheuttamat muutokset organisaatioiden tietoturvapolitiikkoihin