6533b85afe1ef96bd12b9ee7

RESEARCH PRODUCT

Effects of sanctions, moral beliefs, and neutralization on information security policy violations across cultures

Anthony VanceDetmar W. StraubMikko T. Siponen

subject

Information Systems and Managementmedia_common.quotation_subjectPrincipal (computer security)030508 substance abuseShame02 engineering and technologyInformation securityManagement Information Systems03 medical and health sciencesMultinational corporation020204 information systemsCultural diversity0202 electrical engineering electronic engineering information engineeringSanctionsInformation security policyDeterrence theoryBusiness0305 other medical scienceInformation SystemsLaw and economicsmedia_common

description

Abstract A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies using this theory have produced mixed results. Past research has indicated that cultural differences may be one reason for these inconsistent findings and have hence called for cross-cultural research on deterrence in information security. To address this gap, we formulated a model including deterrence, moral beliefs, shame, and neutralization techniques and tested it with the employees from 48 countries working for a large multinational company.

yearjournalcountryeditionlanguage
2020-06-01Information & Management
https://doi.org/10.1016/j.im.2019.103212