EconPapers    
Economics at your fingertips  

EconPapers Home
About EconPapers

Working Papers
Journal Articles
Books and Chapters
Software Components

Authors

JEL codes
New Economics Papers

Advanced Search


EconPapers FAQ
Archive maintainers FAQ
Cookies at EconPapers

Format for printing

The RePEc blog
The RePEc plagiarism page

 

Toward a Theory of Information Systems Security Behaviors of Organizational Employees: A Dialectical Process Perspective

Mari Karjalainen (), Suprateek Sarker () and Mikko Siponen ()
Additional contact information
Mari Karjalainen: M3S Research Unit, Faculty of Information Technology and Electrical Engineering, University of Oulu, FI-90014 Oulu, Finland;
Suprateek Sarker: McIntire School of Commerce, University of Virginia, Charlottesville, Virginia 22904;
Mikko Siponen: Faculty of Information Technology, FI-40014 University of Jyväskylä, Finland

Information Systems Research, 2019, vol. 30, issue 2, 687-704

Abstract: The various guidelines, procedures, and policies referred to as information systems security procedures (ISSPs) underlie information systems security behaviors (ISSBs) of many employees in organizations. Understanding the reasons for ISSBs—that is, why employees do or do not comply with ISSPs—is an imperative in today’s organizations, given that information is a valuable asset. In our study, we observed that employees’ reasons for engaging in ISSBs, such as selecting a password, locking a computer, and using a USB memory device, changed over time. Noting that the dynamic nature of ISSBs has not yet received sufficient consideration in information systems security (ISS) research, we use a predominantly inductive approach to develop a theoretical understanding of the ISSB change process, sensitized by ideas from dialectics. Our dialectical process view suggests that explanations for engaging in different ISSBs are not static but change over time as individuals seek to deal with, or balance, tensions or contradictory demands. Furthermore, our view suggests that “change triggers” (e.g., new experiences and external events) initiate a process of reevaluating tensions that can, in turn, lead to changes in ISSBs. A number of implications for future research and practice emerge from this dialectical understanding of the ISSB change process. The online appendix is available at https://doi.org/10.1287/isre.2018.0827 .

Keywords: information systems security behavior; interpretive research; dialectics; process theory; case study (search for similar items in EconPapers)
Date: 2019
References: View references in EconPapers View complete reference list from CitEc
Citations:

Downloads: (external link)
https://doi.org/10.1287/isre.2018.0827 (application/pdf)

Related works:
This item may be available elsewhere in EconPapers: Search for items with the same title.

Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text

Persistent link: https://EconPapers.repec.org/RePEc:inm:orisre:v:30:y:2019:i:2:p:687-704

Access Statistics for this article

More articles in Information Systems Research from INFORMS Contact information at EDIRC.
Bibliographic data for series maintained by Chris Asher ().

 
Share

RePEc
This site is part of RePEc and all the data displayed here is part of the RePEc data set.

Is your work missing from RePEc? Here is how to contribute.

Questions or problems? Check the EconPapers FAQ or send mail to .

Örebro UniversityEconPapers is hosted by the School of Business at Örebro University.

Page updated 2025-03-19
Handle: RePEc:inm:orisre:v:30:y:2019:i:2:p:687-704