Return to search

Why do employees violate is security policies?:insights from multiple theoretical perspectives

Abstract
Employee violations of IS security policies is recognized as a key concern for organizations. Although interest in IS security has risen in recent years, little empirical research has examined this problem. To address this research gap, this dissertation identifies deliberate IS security policy violations as a phenomenon unique from other forms of computer abuse. To better understand this phenomenon, three guidelines for researching deliberate IS security violations are proposed. An analysis of previous behavioral IS security literature shows that no existing study meets more than one of these guidelines.

Using these guidelines as a basis, this dissertation examines IS security policy violations using three theoretical models drawn from the following perspectives: neutralization theory, rational choice theory, and protection motivation theory. Three field studies involving surveys of 1,423 professional respondents belonging to 7 organizations across 47 countries were performed for empirical testing of the models.

The findings of these studies identify several factors that strongly predict intentions to violate IS security policies. These results significantly increase our understanding of why employees choose to violate IS security policies and provide empirically-grounded implications for how practitioners can improve employee IS security policy compliance.

Identiferoai:union.ndltd.org:oulo.fi/oai:oulu.fi:isbn978-951-42-6287-6
Date12 October 2010
CreatorsVance, A. (Anthony)
PublisherUniversity of Oulu
Source SetsUniversity of Oulu
LanguageEnglish
Detected LanguageEnglish
Typeinfo:eu-repo/semantics/doctoralThesis, info:eu-repo/semantics/publishedVersion
Formatapplication/pdf
Rightsinfo:eu-repo/semantics/openAccess, © University of Oulu, 2010
Relationinfo:eu-repo/semantics/altIdentifier/pissn/0355-3191, info:eu-repo/semantics/altIdentifier/eissn/1796-220X

Page generated in 0.002 seconds