Understanding internal information systems security policy violations as paradoxes

Research output: Contribution to journalReview articlepeer-review

2 Citations (Scopus)


Aim/Purpose: Violations of Information Systems (IS) security policies continue to generate great anxiety amongst many organizations that use information systems, partly because these violations are carried out by internal employees. This article ad-dresses IS security policy violations in organizational settings, and conceptual-izes and problematizes IS security violations by employees of organizations from a paradox perspective. Background: The paradox is that internal employees are increasingly being perceived as more of a threat to the security of organizational systems than outsiders. The notion of paradox is exemplified in four organizational contexts of: belonging paradox, learning paradox, organizing paradox and performing paradox. Methodology: A qualitative conceptual framework exemplifying how IS security violations oc-cur as paradoxes in context to these four areas is presented at the end of this article. Contribution: The article contributes to IS security management practice and suggests how IS security managers should be positioned to understand violations in light of this paradox perspective. Findings: The employee generally in the process of carrying out ordinary activities using computing technology exemplifies unique tensions (or paradoxes in belonging, learning, organizing and performing) and these tensions would generally tend to lead to policy violations when an imbalance occurs. Recommendations for Practitioners: IS security managers must be sensitive to employees tensions. Future Research: A quantitative study, where statistical analysis could be applied to generalize findings, could be useful.

Original languageEnglish
Pages (from-to)1-15
Number of pages15
JournalInterdisciplinary Journal of Information, Knowledge, and Management
Publication statusPublished - 2017


  • Information security
  • Paradox
  • Security policies
  • Systematic literature review (SLR)
  • Violations

ASJC Scopus subject areas

  • General Computer Science
  • Information Systems and Management


Dive into the research topics of 'Understanding internal information systems security policy violations as paradoxes'. Together they form a unique fingerprint.

Cite this