D3 Article in professional conference proceedings
Revisiting neutralization theory and its underlying assumptions to inspire future information security research (2022)


Soliman, W., & Mohammadnazar, H. (2022). Revisiting neutralization theory and its underlying assumptions to inspire future information security research. In WISP 2022 : Proceedings of the 17th Workshop on Information Security and Privacy. Association for Information Systems. https://aisel.aisnet.org/wisp2022/2/


JYU authors or editors


Publication details

All authors or editorsSoliman, Wael; Mohammadnazar, Hojat

Parent publicationWISP 2022 : Proceedings of the 17th Workshop on Information Security and Privacy

Conference:

  • Pre-ICIS Workshop on Information Security and Privacy

Place and date of conferenceCopenhagen, Denmark11.12.2022

Publication year2022

PublisherAssociation for Information Systems

Publication countryUnited States

Publication languageEnglish

Persistent website addresshttps://aisel.aisnet.org/wisp2022/2/

Publication open accessNot open

Publication channel open access

Publication is parallel published (JYX)https://jyx.jyu.fi/handle/123456789/86370

Additional informationPre-ICIS Workshop


Abstract

Over two decades ago, neutralization theory was introduced to information systems research from the field of criminology and is currently emerging as an influential foundation to both explain and solve the information security policy noncompliance problem. Much of what we know about the theory focuses exclusively on the neutralization techniques identified in the original as well as subsequent criminological writings. What is often left unexamined in IS research is the underlying assumptions about the theory’s core elements; assumptions about the actor, the act, the normative system, and the nature of neutralizing itself. The objective of this commentary is to revisit the origin of neutralization theory to identify its core assumptions and to lay a foundation for future IS research inspired by these assumptions. This paper points to five core assumptions: (1) The actor is an early-stage offender; (2) The act is shameful; (3) Neutralizing precedes and facilitates deviance; (4) Normative rules are disputable; and (5) Specific neutralization techniques are more relevant to specific violations. Ignoring these underlying assumptions could lead to a situation where we make unfounded claims about the theory or provide practitioners with harmful, rather than helpful, guidance.


Keywordsdata securitydata security policycyber securitydata systemsemployeesinstructions

Free keywordsneutralization theory; underlying assumptions; ISP violations


Contributing organizations


Ministry reportingYes

VIRTA submission year2023


Last updated on 2024-12-10 at 15:16