AUTHOR
Hojat Mohammadnazar
Moral sensitivity in information security dilemmas
Activities that undermine information security such as noncompliance with information security policies raise moral concerns since they can expose valuable information assets. Existing research shows that moral reflection could play an inhibitory role in one’s decision to undermine information security. However, it is not clear whether users interpret such decisions from a moral standpoint to engage in moral reflection in the first place. Users have to be morally sensitive before they engage in moral reflection. Moral sensitivity involves perceiving a situation as morally relevant, identifying the parties involved and perceiving possible courses of action. We examine moral sensitivity in se…
Revisiting neutralization theory and its underlying assumptions to inspire future information security research
Over two decades ago, neutralization theory was introduced to information systems research from the field of criminology and is currently emerging as an influential foundation to both explain and solve the information security policy noncompliance problem. Much of what we know about the theory focuses exclusively on the neutralization techniques identified in the original as well as subsequent criminological writings. What is often left unexamined in IS research is the underlying assumptions about the theory’s core elements; assumptions about the actor, the act, the normative system, and the nature of neutralizing itself. The objective of this commentary is to revisit the origin of neutrali…
Improving fault prevention with proactive root cause analysis (PRORCA method)
Measures taken to prevent faults from slipping through to operation can secure development of highly reliable software systems. One such measure is analyzing the root causes of reoccurring faults and preventing them from ever appearing again. PRORCA method was developed in order to provide a proactive, lightweight and flexible way for fault prevention. To this end, PRORCA method relies on expert knowledge of the development context and development practices to identify individuals’ erratic behaviors that can contribute to faults slipping through to operation. The development of the method was done according to teachings of design science research. Three expert interviews with representative…
New Insights into the Justifiability of Organizational Information Security Policy Noncompliance : A Case Study
Information security policies as apparatus for communicating security principles with employees are the cornerstone of organizational information security. Resultantly, extant literature has looked at different theories to better understand the noncompliance problem. Neutralization theory is emerging as one of the most popular approaches, not only as an explanation but also as a solution. In this in-depth qualitative study, we ask the question ‘how do employees justify violating the ISP’? Our findings reveal nine rationalizing techniques, three of which have not been recognized in previous research. We label them ‘I follow my own rules’, ‘matter of mere legality’ and ‘defense of uniqueness’…
A root cause analysis method for preventing erratic behavior in software development: PEBA
Measures taken to prevent faults from being introduced or going undetected can secure development of highly reliable software systems. One such measure is analyzing root causes of recurring faults and preventing them from appearing again. Previous methods developed for this purpose have been reactive in nature and relied heavily on fault reporting mechanisms of organizations. Additionally, previous efforts lack a defined mechanism for innovating corrective actions. In this study, we strive to complement the existing methods by introducing a proactive and qualitative method that does not rely on fault data. During the course of the research, in addition to an extensive literature search, an …