Publication Date
1-1-2025
Document Type
Conference Proceeding
Publication Title
Proceedings of the Annual Hawaii International Conference on System Sciences
DOI
10.24251/hicss.2025.739
First Page
6181
Last Page
6190
Abstract
Sanctions are often ineffective in promoting employee compliance with information systems security policies (ISSPs) and may lead to undesired outcomes. We establish that ISSP compliance is an ethical decision and examine it through the lens of ethical decision-making using scenario-based surveys. Guided by normative ethical theories and the construal level theory, we find that both the opinions of co-workers and perceived negative consequences of noncompliance to the organization influence employee ISSP compliance intention. Additionally, perceived social distance affects employees' assessment of when damages to the organization can occur. Both the assessed timing of damage and the perceived social distance from the organization influence employees' judgment of potential damages from security breaches resulting from noncompliance. To improve compliance, we recommend organizations align employee compliance motivation with organizational security interests through clear communications of potential security breach damages, fostering a pro-compliance culture, and reducing the psychological distance employees feel from the organization.
Keywords
construal level theory, ethics, information security policy compliance, moral intensity, psychological distance
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 4.0 License.
Department
Information Systems and Technology
Recommended Citation
Dailin Zheng and Zhiping Walter. "Moral Intensity Dimensions of Information Security Policy Compliance: Perspectives of Construal Level Theory and Ethical Theories" Proceedings of the Annual Hawaii International Conference on System Sciences (2025): 6181-6190. https://doi.org/10.24251/hicss.2025.739
