RESEARCH PRODUCT
IS Security Policy Violations
Mikko T. Siponen, Anthony Vance
subject
IS security policies, Critical security studies, Strategy and Management, Rational choice theory, IS security compliance, Commit, deterrence theory, Computer Science Applications, Test (assessment), IS security, Human-Computer Interaction, Empirical research, Information security standards, rational choice theory, Economics, Is security, Sanctions, Positive economics, Social psychology
description
Employee violations of IS security policies are reported as a key concern for organizations. Although behavioral research on IS security has received increasing attention from IS scholars, little empirical research has examined this problem. To address this research gap, the authors test a model based on Rational Choice Theory (RCT), a prominent criminological theory not yet applied in IS, which explains, in terms of a utilitarian calculation, an individual's decision to commit a violation. Empirical results show that the effects of informal sanctions, moral beliefs, and perceived benefits convincingly explain employee IS security policy violations, while the effect of formal sanctions is insignificant. Based on these findings, the authors discuss several implications for research and practice.
publishedVersion
year | journal | country | edition | language |
---|---|---|---|---|
2012-01-01 | Journal of Organizational and End User Computing | | | |