University of Oulu

Why do employees violate is security policies? : insights from multiple theoretical perspectives

Saved in:
Author: Vance, Anthony1
Organizations: 1University of Oulu, Faculty of Science, Department of Information Processing Science
Format: ebook
Version: published version
Access: open
Online Access: PDF Full Text (PDF, 2.2 MB)
Persistent link:
Language: English
Published: 2010
Publish Date: 2010-10-12
Thesis type: Doctoral Dissertation
Defence Note: Academic dissertation to be presented with the assent of the Faculty of Science of the University of Oulu for public defence in Auditorium IT116, Linnanmaa, on 22 October 2010, at 12 noon
Reviewer: Associate Professor Huigang Liang
Professor Raghav Rao


Employee violations of IS security policies is recognized as a key concern for organizations. Although interest in IS security has risen in recent years, little empirical research has examined this problem. To address this research gap, this dissertation identifies deliberate IS security policy violations as a phenomenon unique from other forms of computer abuse. To better understand this phenomenon, three guidelines for researching deliberate IS security violations are proposed. An analysis of previous behavioral IS security literature shows that no existing study meets more than one of these guidelines.

Using these guidelines as a basis, this dissertation examines IS security policy violations using three theoretical models drawn from the following perspectives: neutralization theory, rational choice theory, and protection motivation theory. Three field studies involving surveys of 1,423 professional respondents belonging to 7 organizations across 47 countries were performed for empirical testing of the models.

The findings of these studies identify several factors that strongly predict intentions to violate IS security policies. These results significantly increase our understanding of why employees choose to violate IS security policies and provide empirically-grounded implications for how practitioners can improve employee IS security policy compliance.

see all

Series: Acta Universitatis Ouluensis. A, Scientiae rerum naturalium
ISSN-E: 1796-220X
ISBN: 978-951-42-6287-6
ISBN Print: 978-951-42-6286-9
Issue: 563
Copyright information: © University of Oulu, 2010. This publication is copyrighted. You may download, display and print it for your own personal use. Commercial use is prohibited.