Advanced

IS security menace : When security creates insecurity

Balozian, Puzant and Leidner, Dorothy LU (2016) International Conference on Information Systems In 2016 International Conference on Information Systems, ICIS 2016
Abstract

Modern organizations face significant information security violations from inside the organizations to which they respond with various managerial techniques. It is widely believed in IS security literature that enforcing IS security policy compliance on employees through various means is the solution for security effectiveness. Nevertheless, this manuscript challenges that notion and advances a stream of research that suggests increasing security measures may lead to decrease in user productivity, increased user mistrust in the IT department, increased user frustration, increased user technology avoidance, increased non-malicious volitional security violations and overall may lead to increased security risk, instead of decreasing it.... (More)

Modern organizations face significant information security violations from inside the organizations to which they respond with various managerial techniques. It is widely believed in IS security literature that enforcing IS security policy compliance on employees through various means is the solution for security effectiveness. Nevertheless, this manuscript challenges that notion and advances a stream of research that suggests increasing security measures may lead to decrease in user productivity, increased user mistrust in the IT department, increased user frustration, increased user technology avoidance, increased non-malicious volitional security violations and overall may lead to increased security risk, instead of decreasing it. This manuscript explores the how and the why of these mechanisms and suggests what to do about this phenomenon. Following a grounded theory methodology, this study develops the theory of Information System Security Menace (TISSM), a process model that explores the downsides of IS security measures.

(Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Chapter in Book/Report/Conference proceeding
publication status
published
subject
keywords
Downsides of security measures, Grounded theory, IS policy, IS Security Menace, IT compliance, Security, Theory of IS Security
in
2016 International Conference on Information Systems, ICIS 2016
publisher
Association for Information Systems
conference name
International Conference on Information Systems
external identifiers
  • scopus:85019432921
ISBN
9780996683135
language
English
LU publication?
yes
id
649bfb30-639e-4285-bc9e-6b796c1ffbb3
date added to LUP
2017-06-09 10:31:36
date last changed
2017-07-23 05:29:06
@inproceedings{649bfb30-639e-4285-bc9e-6b796c1ffbb3,
  abstract     = {<p>Modern organizations face significant information security violations from inside the organizations to which they respond with various managerial techniques. It is widely believed in IS security literature that enforcing IS security policy compliance on employees through various means is the solution for security effectiveness. Nevertheless, this manuscript challenges that notion and advances a stream of research that suggests increasing security measures may lead to decrease in user productivity, increased user mistrust in the IT department, increased user frustration, increased user technology avoidance, increased non-malicious volitional security violations and overall may lead to increased security risk, instead of decreasing it. This manuscript explores the how and the why of these mechanisms and suggests what to do about this phenomenon. Following a grounded theory methodology, this study develops the theory of Information System Security Menace (TISSM), a process model that explores the downsides of IS security measures.</p>},
  author       = {Balozian, Puzant and Leidner, Dorothy},
  booktitle    = {2016 International Conference on Information Systems, ICIS 2016},
  isbn         = {9780996683135},
  keyword      = {Downsides of security measures,Grounded theory,IS policy,IS Security Menace,IT compliance,Security,Theory of IS Security},
  language     = {eng},
  publisher    = {Association for Information Systems},
  title        = {IS security menace : When security creates insecurity},
  year         = {2016},
}