Abstract:
Modern organizations face significant information security violations from inside the organizations to which they respond with various managerial techniques. It is widely believed in IS security literature that enforcing IS security policy compliance on employees through various means is the solution for security effectiveness. Nevertheless, this manuscript challenges that notion and advances a stream of research that suggests increasing security measures may lead to decrease in user productivity, increased user mistrust in the IT department, increased user frustration, increased user technology avoidance, increased non-malicious volitional security violations and overall may lead to increased security risk, instead of decreasing it. This manuscript explores the how and the why of these mechanisms and suggests what to do about this phenomenon. Following a grounded theory methodology, this study develops the theory of Information System Security Menace (TISSM), a process model that explores the downsides of IS security measures.
Citation:
Balozian, P. Y., & Leidner, D. (2016). IS security menace: When security creates insecurity.