Presenting Author

Jeffrey Wall

Paper Type

Research-in-Progress Paper

Abstract

This paper offers a grounded theory approach to a review of behavioral information security research. Behavioral information security research is in a nascent state, yet it is growing rapidly due to the importance of information security in organizations. This review examines a particular problem in security research, namely the lack of clear conceptualizations of employee compliance and noncompliance with security policies and norms. This review finds that definitions of compliance and noncompliance are taken-for-granted, which may indicate danger in examining results across studies. Based on existing research of compliance in the information systems field and other fields, this paper identifies four types of compliance and five types of noncompliance along with dimensions of compliance and noncompliance using a grounded theory approach.

Download

Share

COinS
 

Are Conceptualizations of Employee Compliance and Noncompliance in Information Security Research Adequate? Developing Taxonomies of Compliance and Noncompliance

This paper offers a grounded theory approach to a review of behavioral information security research. Behavioral information security research is in a nascent state, yet it is growing rapidly due to the importance of information security in organizations. This review examines a particular problem in security research, namely the lack of clear conceptualizations of employee compliance and noncompliance with security policies and norms. This review finds that definitions of compliance and noncompliance are taken-for-granted, which may indicate danger in examining results across studies. Based on existing research of compliance in the information systems field and other fields, this paper identifies four types of compliance and five types of noncompliance along with dimensions of compliance and noncompliance using a grounded theory approach.