期刊名称:Interdisciplinary Journal of Information, Knowledge, and Management
印刷版ISSN:1555-1229
电子版ISSN:1555-1237
出版年度:2017
卷号:12
页码:001-015
DOI:10.28945/3639
语种:English
出版社:Informing Science Institute
摘要:Aim/Purpose: Violations of Information Systems (IS) security policies continue to generate great anxiety amongst many organizations that use information systems, partly because these violations are carried out by internal employees. This article addresses IS security policy violations in organizational settings, and conceptualizes and problematizes IS security violations by employees of organizations from a paradox perspective. Background: The paradox is that internal employees are increasingly being perceived as more of a threat to the security of organizational systems than outsiders. The notion of paradox is exemplified in four organizational contexts of belonging paradox, learning paradox, organizing paradox and performing paradox. Methodology : A qualitative conceptual framework exemplifying how IS security violations occur as paradoxes in context to these four areas is presented at the end of this article. Contribution: The article contributes to IS security management practice and suggests how IS security managers should be positioned to understand violations in light of this paradox perspective. Findings: The employee generally in the process of carrying out ordinary activities using computing technology exemplifies unique tensions (or paradoxes in belonging, learning, organizing and performing) and these tensions would generally tend to lead to policy violations when an imbalance occurs. Recommendations for Practitioners: IS security managers must be sensitive to employees tensions. Future Research: A quantitative study, where statistical analysis could be applied to generalize findings, could be useful.
关键词:information security; violations; paradox; systematic literature review (SLR); security policies
