A1 Journal article (refereed)
Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions (2022)


Siponen, M., Soliman, W., & Vance, A. (2022). Common Misunderstandings of Deterrence Theory in Information Systems Research and Future Research Directions. Data Base for Advances in Information Systems, 53(1), 25-60. https://doi.org/10.1145/3514097.3514101


JYU authors or editors


Publication details

All authors or editorsSiponen, Mikko; Soliman, Wael; Vance, Anthony

Journal or seriesData Base for Advances in Information Systems

ISSN1532-0936

eISSN2331-1622

Publication year2022

Volume53

Issue number1

Pages range25-60

PublisherACM

Publication countryUnited States

Publication languageEnglish

DOIhttps://doi.org/10.1145/3514097.3514101

Publication open accessNot open

Publication channel open access

Publication is parallel published (JYX)https://jyx.jyu.fi/handle/123456789/79509


Abstract

In the 1980s, information systems (IS) borrowed deterrence theory (DT) from the field of criminology to explain information security behaviors (or intention). Today, DT is among the most commonly used theories in IS security research. Our review of IS research applying DT highlights that many fundamental assumptions of DT are unrecognized and therefore unexamined. This may have resulted in misunderstandings and conceptual confusions regarding some of the basic concepts of DT. For example, some IS studies confuse general deterrence with specific deterrence or do not recognize the difference between the two. Moreover, these fundamental assumptions, when directly examined, may provide important information about the applicability of DT in certain IS security contexts. This research commentary aims to identify and discuss some of the fundamental assumptions of DT and their implications for IS research. By examining these assumptions, IS researchers can study the previously unexplored aspects of DT in different IS contexts. Further, by recognizing these assumptions, IS scholars can revise them and build new variants of DT to better account for specific characteristics of IS behaviors and contexts.


Keywordsdata systemsdata securitydata security policydeterrents

Free keywordsdeterrence theory; deterrent effect; information security policy compliance


Contributing organizations


Ministry reportingYes

Reporting Year2022

JUFO rating1


Last updated on 2024-22-04 at 15:02