Myyry et al., 2009: What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules? An Empirical Study

Topic:

We propose a theoretical model that explains noncompliance in terms of moral reasoning and values. The model integrates two well-known psychological theories: the Theory of Cognitive Moral Development by Kohlberg and the Theory of Motivational Types of Values by Schwartz.

survey with scenarios, 132 finnish employees and students

Constructs in this publication:

Construct	Cites	Category	Questions given?	Content validity	Pretests	Response type	Notes
moral reasoning	NEW		yes	no	pilot	9-point scale
moral judgement	Rest, 1979		no	no	pilot	5-point scale from "very important" to "insignificant"
Value priorities	Schwartz et al., 1999		no	no	pilot	6-point scale from "not like me at all" to "very much like me"

This publication is cited by the following publications:

• Sommestad et al., 2014: Actual compliance
• Sommestad et al., 2014: Conservation
• Sommestad et al., 2014: Conventional reasoning
• Sommestad et al., 2014: Intention to comply
• Sommestad et al., 2014: Openness to change
• Sommestad et al., 2014: Postconventional reasoning
• Sommestad et al., 2014: Preconventional reasoning

Citation:

Liisa Myyry, Mikko Siponen, Seppo Pahnila, Tero Vartiainen, and Anthony Vance. What levels of moral reasoning and values explain adherence to information security rules? An empirical study. European Journal of Information Systems, 18(2):126–139, April 2009. doi:10.1057/ejis.2009.10.

Bibtex

@article{myyry_what_2009,
 abstract = {It is widely agreed that employee non-adherence to information security policies poses a major problem for organizations. Previous research has pointed to the potential of theories of moral reasoning to better understand this problem. However, we find no empirical studies that examine the influence of moral reasoning on compliance with information security policies. We address this research gap by proposing a theoretical model that explains non-compliance in terms of moral reasoning and values. The model integrates two well-known psychological theories: the Theory of Cognitive Moral Development by Kohlberg and the Theory of Motivational Types of Values by Schwartz. Our empirical findings largely support the proposed model and suggest implications for practice and research on how to improve information security policy compliance.},
 author = {Myyry, Liisa and Siponen, Mikko and Pahnila, Seppo and Vartiainen, Tero and Vance, Anthony},
 doi = {10.1057/ejis.2009.10},
 issn = {0960-085X, 1476-9344},
 journal = {European Journal of Information Systems},
 language = {en},
 month = {April},
 number = {2},
 pages = {126-139},
 shorttitle = {What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules?},
 title = {What Levels of Moral Reasoning and Values Explain Adherence to Information Security Rules? {{An}} Empirical Study},
 volume = {18},
 year = {2009}
}

---