Abstract
Employee violations of IS security policies is recognized as a key concern for organizations. Although interest in IS security has risen in recent years, little empirical research has examined this problem. To address this research gap, this dissertation identifies deliberate IS security policy violations as a phenomenon unique from other forms of computer abuse. To better understand this phenomenon, three guidelines for researching deliberate IS security violations are proposed. An analysis of previous behavioral IS security literature shows that no existing study meets more than one of these guidelines.
Using these guidelines as a basis, this dissertation examines IS security policy violations using three theoretical models drawn from the following perspectives: neutralization theory, rational choice theory, and protection motivation theory. Three field studies involving surveys of 1,423 professional respondents belonging to 7 organizations across 47 countries were performed for empirical testing of the models.
The findings of these studies identify several factors that strongly predict intentions to violate IS security policies. These results significantly increase our understanding of why employees choose to violate IS security policies and provide empirically-grounded implications for how practitioners can improve employee IS security policy compliance.
| Identifer | oai:union.ndltd.org:oulo.fi/oai:oulu.fi:isbn978-951-42-6287-6 |
| Date | 12 October 2010 |
| Creators | Vance, A. (Anthony) |
| Publisher | University of Oulu |
| Source Sets | University of Oulu |
| Language | English |
| Detected Language | English |
| Type | info:eu-repo/semantics/doctoralThesis, info:eu-repo/semantics/publishedVersion |
| Format | application/pdf |
| Rights | info:eu-repo/semantics/openAccess, © University of Oulu, 2010 |
| Relation | info:eu-repo/semantics/altIdentifier/pissn/0355-3191, info:eu-repo/semantics/altIdentifier/eissn/1796-220X |
Page generated in 0.002 seconds