A1 Journal article (refereed)
Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions (2022)


Siponen, M., Soliman, W., & Vance, A. (2022). Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions. Data Base for Advances in Information Systems, 53(1), 25-60. https://doi.org/10.1145/3514097.3514101


JYU authors or editors


Publication details

All authors or editors: Siponen, Mikko; Soliman, Wael; Vance, Anthony

Journal or series: Data Base for Advances in Information Systems

ISSN: 1532-0936

eISSN: 2331-1622

Publication year: 2022

Volume: 53

Issue number: 1

Pages range: 25-60

Publisher: ACM

Publication country: United States

Publication language: English

DOI: https://doi.org/10.1145/3514097.3514101

Publication open access: Not open

Publication channel open access:

Publication is parallel published (JYX): https://jyx.jyu.fi/handle/123456789/79509


Abstract

In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the field of criminology to explain information security behaviors (or intention). Today, DT is among the most commonly used theories in IS security research. Our review of IS research applying DT highlights that many fundamental assumptions of DT are unrecognized and therefore unexamined. This may have resulted in misunderstandings and conceptual confusions regarding some of the basic concepts of DT. For example, some IS studies confuse general deterrence with specific deterrence or do not recognize the difference between the two. Moreover, these fundamental assumptions, when directly examined, may provide important information about the applicability of DT in certain IS security contexts. This research commentary aims to identify and discuss some of the fundamental assumptions of DT and their implications for IS research. By examining these assumptions, IS researchers can study the previously unexplored aspects of DT in different IS contexts. Further, by recognizing these assumptions, IS scholars can revise them and build new variants of DT to better account for specific characteristics of IS behaviors and contexts.


Keywords: data systems; data security; data security policy; deterrents

Free keywords: deterrence theory; deterrent effect; information security policy compliance


Contributing organizations


Ministry reporting: Yes

Reporting Year: 2022

Preliminary JUFO rating: 1


Last updated on 2022-14-09 at 12:01