Advanced search

Information system security policy noncompliance: the role of situation-specific ethical orientation

Gaurav Bansal (University of Wisconsin-Green Bay, Green Bay, Wisconsin, USA)
Steven Muzatko (College of Business Administration, Winthrop University, Rock Hill, South Carolina, USA)
Soo Il Shin (Department of Information Technology and Cybersecurity, Missouri State University, Springfield, Missouri, USA)

Information Technology & People

ISSN: 0959-3845

Publication date: 6 April 2020

Abstract

Purpose

This study examines how neutralization strategies affect the efficacy of information system security policies. This paper proposes that neutralization strategies used to rationalize security policy noncompliance range across ethical orientations, extending from those helping the greatest number of people (ethics of care) to those damaging the fewest (ethics of justice). The results show how noncompliance differs between genders based on those ethical orientations.

Design/methodology/approach

A survey was used to measure information system security policy noncompliance intentions across six different hypothetical scenarios involving neutralization techniques used to justify noncompliance. Data was gathered from students at a mid-western, comprehensive university in the United States.

Findings

The empirical analysis suggests that gender does play a role in information system security policy noncompliance. However, its significance is dependent upon the underlying neutralization method used to justify noncompliance. The role of reward and punishment is contingent on the situation-specific ethical orientation (SSEO) which in turn is a combination of internal ethical positioning based on one's gender and external ethical reasoning based on neutralization technique.

Originality/value

This study extends ethical decision-making theory by examining how the use of punishments and rewards might be more effective in security policy compliance based upon gender. Importantly, the study emphasizes the interplay between ethics, gender and neutralization techniques, as different ethical perspectives appeal differently based on gender.

Keywords

Acknowledgements

The research was made possible in part due to Frederick E. Baer Professorship in Business at Austin E. Cofrin School of Business at the University of Wisconsin–Green Bay.

Citation

Bansal, G., Muzatko, S. and Shin, S.I. (2020), "Information system security policy noncompliance: the role of situation-specific ethical orientation", Information Technology & People, Vol. 34 No. 1, pp. 250-296. https://doi.org/10.1108/ITP-03-2019-0109

Download as .RIS

Publisher

:

Emerald Publishing Limited

Copyright © 2020, Emerald Publishing Limited

To read the full version of this content please select one of the options below

You may be able to access this content by logging in via Shibboleth, Open Athens or with your Emerald account.
To rent this content from Deepdyve, please click the button.
Rent from Deepdyve
If you think you should have access to this content, click the button to contact our support team.
Contact us
Manage cookies

We’re listening — tell us what you think

Join us on our journey