D3 Article in professional conference proceedings
Revisiting neutralization theory and its underlying assumptions to inspire future information security research (2022)
Soliman, W., & Mohammadnazar, H. (2022). Revisiting neutralization theory and its underlying assumptions to inspire future information security research. In WISP 2022 : Proceedings of the 17th Workshop on Information Security and Privacy. Association for Information Systems. https://aisel.aisnet.org/wisp2022/2/
Publication details
All authors or editors: Soliman, Wael; Mohammadnazar, Hojat
Parent publication: WISP 2022 : Proceedings of the 17th Workshop on Information Security and Privacy
Conference: Pre-ICIS Workshop on Information Security and Privacy
Place and date of conference: Copenhagen, Denmark, 11.12.2022
Publication year: 2022
Publisher: Association for Information Systems
Publication country: United States
Publication language: English
Persistent website address: https://aisel.aisnet.org/wisp2022/2/
Publication open access: Not open
Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/86370
Additional information: Pre-ICIS Workshop
Abstract
Over two decades ago, neutralization theory was introduced to information systems research from the field of criminology and is currently emerging as an influential foundation to both explain and solve the information security policy noncompliance problem. Much of what we know about the theory focuses exclusively on the neutralization techniques identified in the original as well as subsequent criminological writings. What is often left unexamined in IS research is the underlying assumptions about the theory’s core elements; assumptions about the actor, the act, the normative system, and the nature of neutralizing itself. The objective of this commentary is to revisit the origin of neutralization theory to identify its core assumptions and to lay a foundation for future IS research inspired by these assumptions. This paper points to five core assumptions: (1) The actor is an early-stage offender; (2) The act is shameful; (3) Neutralizing precedes and facilitates deviance; (4) Normative rules are disputable; and (5) Specific neutralization techniques are more relevant to specific violations. Ignoring these underlying assumptions could lead to a situation where we make unfounded claims about the theory or provide practitioners with harmful, rather than helpful, guidance.
Keywords: data security; data security policy; cyber security; data systems; employees; instructions
Free keywords: neutralization theory; underlying assumptions; ISP violations
Ministry reporting: Yes
VIRTA submission year: 2023