IS security menace : When security creates insecurity
(2016) International Conference on Information Systems- Abstract
Modern organizations face significant information security violations from inside the organizations to which they respond with various managerial techniques. It is widely believed in IS security literature that enforcing IS security policy compliance on employees through various means is the solution for security effectiveness. Nevertheless, this manuscript challenges that notion and advances a stream of research that suggests increasing security measures may lead to decrease in user productivity, increased user mistrust in the IT department, increased user frustration, increased user technology avoidance, increased non-malicious volitional security violations and overall may lead to increased security risk, instead of decreasing it.... (More)
Modern organizations face significant information security violations from inside the organizations to which they respond with various managerial techniques. It is widely believed in IS security literature that enforcing IS security policy compliance on employees through various means is the solution for security effectiveness. Nevertheless, this manuscript challenges that notion and advances a stream of research that suggests increasing security measures may lead to decrease in user productivity, increased user mistrust in the IT department, increased user frustration, increased user technology avoidance, increased non-malicious volitional security violations and overall may lead to increased security risk, instead of decreasing it. This manuscript explores the how and the why of these mechanisms and suggests what to do about this phenomenon. Following a grounded theory methodology, this study develops the theory of Information System Security Menace (TISSM), a process model that explores the downsides of IS security measures.
(Less)
- author
- Balozian, Puzant and Leidner, Dorothy LU
- organization
- publishing date
- 2016
- type
- Chapter in Book/Report/Conference proceeding
- publication status
- published
- subject
- keywords
- Downsides of security measures, Grounded theory, IS policy, IS Security Menace, IT compliance, Security, Theory of IS Security
- host publication
- 2016 International Conference on Information Systems, ICIS 2016
- publisher
- Association for Information Systems
- conference name
- International Conference on Information Systems
- conference location
- Dublin, Ireland
- conference dates
- 2016-12-11 - 2016-12-14
- external identifiers
-
- scopus:85019432921
- ISBN
- 9780996683135
- language
- English
- LU publication?
- yes
- id
- 649bfb30-639e-4285-bc9e-6b796c1ffbb3
- date added to LUP
- 2017-06-09 10:31:36
- date last changed
- 2022-04-25 00:34:47
@inproceedings{649bfb30-639e-4285-bc9e-6b796c1ffbb3,
abstract = {{<p>Modern organizations face significant information security violations from inside the organizations to which they respond with various managerial techniques. It is widely believed in IS security literature that enforcing IS security policy compliance on employees through various means is the solution for security effectiveness. Nevertheless, this manuscript challenges that notion and advances a stream of research that suggests increasing security measures may lead to decrease in user productivity, increased user mistrust in the IT department, increased user frustration, increased user technology avoidance, increased non-malicious volitional security violations and overall may lead to increased security risk, instead of decreasing it. This manuscript explores the how and the why of these mechanisms and suggests what to do about this phenomenon. Following a grounded theory methodology, this study develops the theory of Information System Security Menace (TISSM), a process model that explores the downsides of IS security measures.</p>}},
author = {{Balozian, Puzant and Leidner, Dorothy}},
booktitle = {{2016 International Conference on Information Systems, ICIS 2016}},
isbn = {{9780996683135}},
keywords = {{Downsides of security measures; Grounded theory; IS policy; IS Security Menace; IT compliance; Security; Theory of IS Security}},
language = {{eng}},
publisher = {{Association for Information Systems}},
title = {{IS security menace : When security creates insecurity}},
year = {{2016}},
}