Paper Type
ERF
Abstract
Sanctions are advocated by major cybersecurity management standards. The leading theory of sanctions is Deterrence Theory (DT), which is one of the most studied theories in information systems (IS) security. However, sanctions under DT may lead to difficulties in cybersecurity, including potential side effects due to the monitoring required. Recently, the concept of passive sanctions has been suggested as an alternative viewpoint on sanctions that does not rely on DT. Passive sanctions show promise, as they may sidestep the negative impacts associated with DT and can be applied in cases where monitoring is virtually unfeasible. In this paper, I further develop the theory of passive sanctions. In contrast to DT's statistical explanations, which focus on statistical generalization within the population, I propose that the theory of passive sanctions consists of stages and mechanisms that provide 'how possible' explanations, making a phenomenon possible.
Paper Number
1495
Recommended Citation
Siponen, Mikko, "Toward a Theory of Passive Sanctions in Cybersecurity" (2025). AMCIS 2025 Proceedings. 1.
https://aisel.aisnet.org/amcis2025/sig_sec/sig_sec/1
Toward a Theory of Passive Sanctions in Cybersecurity
Sanctions are advocated by major cybersecurity management standards. The leading theory of sanctions is Deterrence Theory (DT), which is one of the most studied theories in information systems (IS) security. However, sanctions under DT may lead to difficulties in cybersecurity, including potential side effects due to the monitoring required. Recently, the concept of passive sanctions has been suggested as an alternative viewpoint on sanctions that does not rely on DT. Passive sanctions show promise, as they may sidestep the negative impacts associated with DT and can be applied in cases where monitoring is virtually unfeasible. In this paper, I further develop the theory of passive sanctions. In contrast to DT's statistical explanations, which focus on statistical generalization within the population, I propose that the theory of passive sanctions consists of stages and mechanisms that provide 'how possible' explanations, making a phenomenon possible.
When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.
Comments
SIGSEC