Why do employees violate is security policies? : insights from multiple theoretical perspectives
1University of Oulu, Faculty of Science, Department of Information Processing Science
|Online Access:||PDF Full Text (PDF, 2.2 MB)|
|Persistent link:|| http://urn.fi/urn:isbn:9789514262876
|Publish Date:|| 2010-10-12
|Thesis type:||Doctoral Dissertation
|Defence Note:||Academic dissertation to be presented with the assent of the Faculty of Science of the University of Oulu for public defence in Auditorium IT116, Linnanmaa, on 22 October 2010, at 12 noon
Associate Professor Huigang Liang
Professor Raghav Rao
Employee violations of IS security policies is recognized as a key concern for organizations. Although interest in IS security has risen in recent years, little empirical research has examined this problem. To address this research gap, this dissertation identifies deliberate IS security policy violations as a phenomenon unique from other forms of computer abuse. To better understand this phenomenon, three guidelines for researching deliberate IS security violations are proposed. An analysis of previous behavioral IS security literature shows that no existing study meets more than one of these guidelines.
Using these guidelines as a basis, this dissertation examines IS security policy violations using three theoretical models drawn from the following perspectives: neutralization theory, rational choice theory, and protection motivation theory. Three field studies involving surveys of 1,423 professional respondents belonging to 7 organizations across 47 countries were performed for empirical testing of the models.
The findings of these studies identify several factors that strongly predict intentions to violate IS security policies. These results significantly increase our understanding of why employees choose to violate IS security policies and provide empirically-grounded implications for how practitioners can improve employee IS security policy compliance.
Acta Universitatis Ouluensis. A, Scientiae rerum naturalium
© University of Oulu, 2010. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.