IDEAS home Printed from https://ideas.repec.org/a/inm/orisre/v30y2019i2p687-704.html
   My bibliography  Save this article

Toward a Theory of Information Systems Security Behaviors of Organizational Employees: A Dialectical Process Perspective

Author

Listed:
  • Mari Karjalainen

    (M3S Research Unit, Faculty of Information Technology and Electrical Engineering, University of Oulu, FI-90014 Oulu, Finland;)

  • Suprateek Sarker

    (McIntire School of Commerce, University of Virginia, Charlottesville, Virginia 22904;)

  • Mikko Siponen

    (Faculty of Information Technology, FI-40014 University of Jyväskylä, Finland)

Abstract

The various guidelines, procedures, and policies referred to as information systems security procedures (ISSPs) underlie information systems security behaviors (ISSBs) of many employees in organizations. Understanding the reasons for ISSBs—that is, why employees do or do not comply with ISSPs—is an imperative in today’s organizations, given that information is a valuable asset. In our study, we observed that employees’ reasons for engaging in ISSBs, such as selecting a password, locking a computer, and using a USB memory device, changed over time. Noting that the dynamic nature of ISSBs has not yet received sufficient consideration in information systems security (ISS) research, we use a predominantly inductive approach to develop a theoretical understanding of the ISSB change process, sensitized by ideas from dialectics. Our dialectical process view suggests that explanations for engaging in different ISSBs are not static but change over time as individuals seek to deal with, or balance, tensions or contradictory demands. Furthermore, our view suggests that “change triggers” (e.g., new experiences and external events) initiate a process of reevaluating tensions that can, in turn, lead to changes in ISSBs. A number of implications for future research and practice emerge from this dialectical understanding of the ISSB change process. The online appendix is available at https://doi.org/10.1287/isre.2018.0827 .

Suggested Citation

  • Mari Karjalainen & Suprateek Sarker & Mikko Siponen, 2019. "Toward a Theory of Information Systems Security Behaviors of Organizational Employees: A Dialectical Process Perspective," Information Systems Research, INFORMS, vol. 30(2), pages 687-704, June.
  • Handle: RePEc:inm:orisre:v:30:y:2019:i:2:p:687-704
    DOI: 10.1287/isre.2018.0827
    as

    Download full text from publisher

    File URL: https://doi.org/10.1287/isre.2018.0827
    Download Restriction: no

    File URL: https://libkey.io/10.1287/isre.2018.0827?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. W. Graham Astley & Raymond F. Zammuto, 1992. "Organization Science, Managers, and Language Games," Organization Science, INFORMS, vol. 3(4), pages 443-460, November.
    2. Wanda J. Orlikowski & Jack J. Baroudi, 1991. "Studying Information Technology in Organizations: Research Approaches and Assumptions," Information Systems Research, INFORMS, vol. 2(1), pages 1-28, March.
    3. M. Lynne Markus & Daniel Robey, 1988. "Information Technology and Organizational Change: Causal Structure in Theory and Research," Management Science, INFORMS, vol. 34(5), pages 583-598, May.
    4. Mark de Rond & Hamid Bouchikhi, 2004. "On the Dialectics of Strategic Alliances," Organization Science, INFORMS, vol. 15(1), pages 56-69, February.
    5. Allen S. Lee, 1991. "Integrating Positivist and Interpretive Approaches to Organizational Research," Organization Science, INFORMS, vol. 2(4), pages 342-365, November.
    6. Søren C. Winter & Peter J. May, 2001. "Motivation for Compliance with Environmental Regulations," Journal of Policy Analysis and Management, John Wiley & Sons, Ltd., vol. 20(4), pages 675-698.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Nagy, A., 2009. "Adoption of interorganizational information systems : The adoption position model," Other publications TiSEM af471297-bf03-43bf-88c1-4, Tilburg University, School of Economics and Management.
    2. Wanda J. Orlikowski & C. Suzanne Iacono, 2001. "Research Commentary: Desperately Seeking the “IT” in IT Research—A Call to Theorizing the IT Artifact," Information Systems Research, INFORMS, vol. 12(2), pages 121-134, June.
    3. Allen S. Lee & Richard L. Baskerville, 2003. "Generalizing Generalizability in Information Systems Research," Information Systems Research, INFORMS, vol. 14(3), pages 221-243, September.
    4. Bradley C. Wheeler, 2002. "NEBIC: A Dynamic Capabilities Theory for Assessing Net-Enablement," Information Systems Research, INFORMS, vol. 13(2), pages 125-146, June.
    5. Goles, Tim & Hirschheim, Rudy, 2000. "The paradigm is dead, the paradigm is dead...long live the paradigm: the legacy of Burrell and Morgan," Omega, Elsevier, vol. 28(3), pages 249-268, June.
    6. John Mingers, 2001. "Combining IS Research Methods: Towards a Pluralist Methodology," Information Systems Research, INFORMS, vol. 12(3), pages 240-259, September.
    7. Boriana Rukanova & Mark Reuver & Stefan Henningsson & Fatemeh Nikayin & Yao-Hua Tan, 2020. "Emergence of collective digital innovations through the process of control point driven network reconfiguration and reframing: the case of mobile payment," Electronic Markets, Springer;IIM University of St. Gallen, vol. 30(1), pages 107-129, March.
    8. Staudenmayer, Nancy A. (Nancy Ann), 1997. "Interdependency : conceptual, empirical, & practical issues," Working papers 162-97. Working paper (Sl, Massachusetts Institute of Technology (MIT), Sloan School of Management.
    9. Miralles, Francesc & Sieber, Sandra & Valor, Josep, 2005. "CIO herds and user gangs in the adoption of open source software," IESE Research Papers D/595, IESE Business School.
    10. David Jancsics & Salvador Espinosa & Jonathan Carlos, 2023. "Organizational noncompliance: an interdisciplinary review of social and organizational factors," Management Review Quarterly, Springer, vol. 73(3), pages 1273-1301, September.
    11. Elbanna, Amany & Newman, Mike, 2022. "The bright side and the dark side of top management support in Digital Transformaion –A hermeneutical reading," Technological Forecasting and Social Change, Elsevier, vol. 175(C).
    12. Rajiv Kohli & Sarv Devaraj, 2003. "Measuring Information Technology Payoff: A Meta-Analysis of Structural Variables in Firm-Level Empirical Research," Information Systems Research, INFORMS, vol. 14(2), pages 127-145, June.
    13. Bianco, Federica & Michelino, Francesca, 2010. "The role of content management systems in publishing firms," International Journal of Information Management, Elsevier, vol. 30(2), pages 117-124.
    14. Sony, Michael & Naik, Subhash, 2020. "Industry 4.0 integration with socio-technical systems theory: A systematic review and proposed theoretical model," Technology in Society, Elsevier, vol. 61(C).
    15. Anders Melander & Tomas Mullern & David Anderssson & Fredrik Elgh & Malin Löfving, 2022. "Bridging the Knowledge Gap in Collaborative Research—in Dialogues We Trust," Systemic Practice and Action Research, Springer, vol. 35(5), pages 655-677, October.
    16. Aaltonen, Aleksi Ville & Alaimo, Cristina & Kallinikos, Jannis, 2021. "The making of data commodities: data analytics as an embedded process," LSE Research Online Documents on Economics 110296, London School of Economics and Political Science, LSE Library.
    17. Zhang, Zibin & Yang, Wenxin & Ye, Jianliang, 2021. "Why sulfur dioxide emissions decline significantly from coal-fired power plants in China? Evidence from the desulfurated electricity pricing premium program," Energy Policy, Elsevier, vol. 148(PB).
    18. repec:dau:papers:123456789/3232 is not listed on IDEAS
    19. Leibbrandt, Andreas & Lynham, John, 2018. "Does the allocation of property rights matter in the commons?," Journal of Environmental Economics and Management, Elsevier, vol. 89(C), pages 201-217.
    20. Mähring, Magnus, 2002. "IT Project Governance: A Process-Oriented Study of Organizational Control and Executive Involvement," SSE/EFI Working Paper Series in Business Administration 2002:15, Stockholm School of Economics.
    21. Pamela J. Hinds & Diane E. Bailey, 2003. "Out of Sight, Out of Sync: Understanding Conflict in Distributed Teams," Organization Science, INFORMS, vol. 14(6), pages 615-632, December.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:inm:orisre:v:30:y:2019:i:2:p:687-704. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Chris Asher (email available below). General contact details of provider: https://edirc.repec.org/data/inforea.html .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.