The downsides of information systems security policy compliance efforts : toward a Theory of Unintended Reversed Security Action and Productivity (TURSAP).
Access changed 8/16/21.
Modern organizations face significant information security violations from inside the organizations to which they respond with various managerial techniques. It is widely believed in IS security literature that enforcing IS security policy compliance on employees through various means is the solution for security effectiveness. Nevertheless, this dissertation challenges that notion and advances a stream of research that suggests increasing security measures may lead to decrease in user productivity, increased user mistrust toward the IT department, increased user frustration, increased user technology avoidance, increased non-malicious volitional security violations and overall may lead to increased security risk, instead of decreasing it. This dissertation explores the how and why of these mechanisms and suggests what to do about this phenomenon. Following a grounded theory methodology, this dissertation develops the Theory of Unintended Reversed Security Action and Productivity (TURSAP), the first of its kind in exploring the downsides of IS security measures.