Key points are not available for this paper at this time.
Practice-/policy-oriented abstract: Understanding why employees do or do not comply with information systems security (ISS) procedures is an imperative in today’s organizations whose futures often depend on how well they protect and harness information assets. We use a predominantly inductive approach to develop a theoretical understanding of how employees’ reasons for engaging to ISS behaviors (ISSBs) change over time, using ideas from dialectics as our scaffolding. Our dialectical view of this process suggests that explanations for engaging in different ISSBs change over time as individuals seek to balance contradictory demands. Furthermore, our view suggests that new experiences and external events initiate a process of reevaluating tensions that can in turn lead to behavioral changes. Based on our observations and interpretation, we conclude that it is beneficial for ISS practitioners not only to be aware of factors that seem to promote compliance with ISSPs, but also to pay attention to the importance of opposing values and pressures, triggers, and ways to resolve the existing tensions related to an individual’s ISSBs. This will likely enable awareness about the dilemmas that individuals confront in ISS-related situations and potentially contribute to the design of better controls and procedures for ensuring compliant ISSBs.
Karjalainen et al. (Sat,) studied this question.