Skip to main content
SpringerLink
Log in

I do it because they do it”: Social-Neutralisation in Information Security Practices of Saudi Medical Interns

  • Conference paper
  • First Online:
Risks and Security of Internet and Systems (CRiSIS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 12026))

Included in the following conference series:

Abstract

Successful implementation of information security policies (ISP) and IT controls play an important role in safeguarding patient privacy in healthcare organizations. Our study investigates the factors that lead to healthcare practitioners’ neutralisation of ISPs, leading to non-compliance. The study adopted a qualitative approach and conducted a series of semi-structured interviews with medical interns and hospital IT department managers and staff in an academic hospital in Saudi Arabia. The study’s findings revealed that the MIs imitate their peers’ actions and employ similar justifications when violating ISP dictates. Moreover, MI team superiors’ (seniors) ISP non-compliance influences MI’s tendency to invoke neutralisation techniques. We found that trust between medical team members is an essential social facilitator that motivates MI’s to invoke neutralisation techniques to justify violating ISP policies and controls. These findings add new insights that help us to understand the relationship between the social context and neutralisation theory in triggering ISP non-compliance.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Change history

  • 28 February 2020

    The book was inadvertently published with an error in the last name of the second author’s name as Karen Renoud. The spelling of the second author’s name was corrected.

References

  1. Al-Moamary, M.S., Mamede, S., Schmidt, H.G.: Innovations in medical internship: benchmarking and application within the King Saud bin Abdulaziz University for Health Sciences. Educ. Health (Abingdon Engl.) 23(1), 367 (2010)

    Google Scholar 

  2. Altamimi, S., Storer, T., Alzahrani, A.: The role of neutralisation techniques in violating hospitals privacy policies in Saudi Arabia. In: 2018 4th International Conference on Information Management (ICIM), pp. 133–140. IEEE (2018)

    Google Scholar 

  3. Barlow, J.B., Warkentin, M., Ormond, D., Dennis, A.R.: Don’t make excuses! discouraging neutralization to reduce IT policy violation. Comput. Secur. 39, 145–159 (2013)

    Google Scholar 

  4. Bauer, S., Bernroider, E.W.N.: An analysis of the combined influences of neutralization and planned behavior on desirable information security behavior. In: 13th Annual Security Conference, Las Vegas, USA (2014)

    Google Scholar 

  5. Biernacki, P., Waldorf, D.: Snowball sampling: problems and techniques of chain referral sampling. Sociol. Methods Res. 10(2), 141–163 (1981)

    Article  Google Scholar 

  6. Braun, V., Clarke, V.: Using thematic analysis in psychology. Qual. Res. Psychol. 3(2), 77–101 (2006)

    Article  Google Scholar 

  7. Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523–548 (2010)

    Article  Google Scholar 

  8. Byers, B., Crider, B.W., Biggers, G.K.: Bias crime motivation: a study of hate crime and offender neutralization techniques used against the Amish. J. Contemp. Crim. Justice 15(1), 78–96 (1999)

    Article  Google Scholar 

  9. Chan, M., Woon, I., Kankanhalli, A.: Perceptions of information security in the workplace: linking information security climate to compliant behavior. J. Inf. Priv. Secur. 1(3), 18–41 (2005)

    Google Scholar 

  10. Coleman, J.W.: The Criminal Elite: The Sociology of White Collar Crime. Macmillan (2001)

    Google Scholar 

  11. Copes, H.: Streetlife and the rewards of auto theft. Deviant Behav. 24(4), 309–332 (2003)

    Article  Google Scholar 

  12. Cram, W.A., D’Arcy, J., Proudfoot, J.G.: Seeing the forest and the trees: a meta-analysis of the antecedents to information security policy compliance. MIS Q. 34(2), 525–554 (2019)

    Google Scholar 

  13. Cram, W.A., Proudfoot, J.G., D’Arcy, J., Alec, W.: Organizational information security policies: a review and research framework. Eur. J. Inf. Syst. 26(6), 605–641 (2017)

    Google Scholar 

  14. Cromwell, P., Thurman, Q.: The devil made me do it: use of neutralizations by shoplifters. Deviant Behav. 24(6), 535–550 (2003)

    Article  Google Scholar 

  15. Fritsche, I.: Account strategies for the violation of social norms: integration and extension of sociological and social psychological typologies. J. Theory Soc. Behav. 32(4) (2002)

    Google Scholar 

  16. Harrington, S.J.: The effect of codes of ethics and personal denial of responsibility on computer abuse judgments and intentions. MIS Q. 20(3), 257–278 (1996)

    Article  Google Scholar 

  17. Henry, S., Eaton, R.: Degrees of Deviance: Student Accounts of Their Deviant Behavior. Avebury (1989)

    Google Scholar 

  18. ISO/IEC29100. ISO/IEC 29100:2011(en): Information technology—Security techniques—Privacy framework

    Google Scholar 

  19. HIPAA Journal. Healthcare data breach statistics (2018). https://www.hipaajournal.com/healthcare-data-breach-statistics/

  20. Klockars, C.B.J.: The Professional Fence. Tavistock Pubns (1975)

    Google Scholar 

  21. Lim, V.K.G.: The it way of loafing on the job: cyberloafing, neutralizing and organizational justice. J. Organ. Behav.: Int. J. Ind. Occup. Organ. Psychol. Behav. 23(5), 675–694 (2002)

    Article  Google Scholar 

  22. Marshall, M.N.: Sampling for qualitative research. Fam. Pract. 13(6), 522–526 (1996)

    Google Scholar 

  23. Maruna, S., Copes, H.: What have we learned from five decades of neutralization research? Crime Justice 32, 221–320 (2005)

    Article  Google Scholar 

  24. Minor, W.W.: Techniques of neutralization: a reconceptualization and empirical examination. J. Res. Crime Delinq. 18(2), 295–318 (1981)

    Article  Google Scholar 

  25. Parks, R., Xu, H., Chu, C.-H., Lowry, P.B.: Examining the intended and unintended consequences of organisational privacy safeguards. Eur. J. Inf. Syst. 26(1), 37–65 (2017)

    Article  Google Scholar 

  26. Piquero, N.L., Tibbetts, S.G., Blankenship, M.B.: Examining the role of differential association and techniques of neutralization in explaining corporate crime. Deviant Behav. 26(2), 159–188 (2005)

    Article  Google Scholar 

  27. Rogers, J.W., Buffalo, M.D.: Neutralization techniques: toward a simplified measurement scale. Pac. Sociol. Rev. 17(3), 313–331 (1974)

    Article  Google Scholar 

  28. Narayana Samy, G., Ahmad, R., Ismail, Z.: Security threats categories in healthcare information systems. Health Inform. J. 16(3), 201–209 (2010)

    Article  Google Scholar 

  29. Silic, M., Barlow, J.B., Back, A.: A new perspective on neutralization and deterrence: predicting shadow it usage. Inf. Manag. 54(8), 1023–1037 (2017)

    Article  Google Scholar 

  30. Siponen, M., Vance, A., Willison, R.: New insights into the problem of software piracy: the effects of neutralization, shame, and moral beliefs. Inf. Manag. 49(7), 334–341 (2012)

    Article  Google Scholar 

  31. Siponen, M.T., Vance, A.: Neutralization: new insights into the problem of employee information systems security policy violations. MIS Q.: Manag. Inf. Syst. 34(SPEC. ISSUE 3), 487–502 (2010)

    Google Scholar 

  32. Sutherland, E.H., Cressey, D.R., Luckenbill, D.F.: Principles of Criminology. Altamira Press (1992)

    Google Scholar 

  33. Sykes, G.M., Matza, D.: Techniques of neutralization: a theory of delinquency. Am. Sociol. Rev. 22(6), 664–670 (1957)

    Article  Google Scholar 

  34. Teh, P.-L., Ahmed, P.K., D’Arcy, J.: What drives information security policy violations among banking employees? Insights from neutralization and social exchange theory. J. Glob. Inf. Manag. 23(1), 44–64 (2015)

    Article  Google Scholar 

  35. Verizon: Data breach investigations report. Verizon Bus. J. 1–77 (2019)

    Google Scholar 

  36. Wall, J., Lowry, P.B., Barlow, J.B.: Organizational violations of externally governed privacy and security rules: explaining and predicting selective violations under conditions of strain and excess. J. Assoc. Inf. Syst. 17(1), 39–76 (2015)

    Google Scholar 

  37. Wartenberg, D., Thompson, W.D.: Privacy versus public health: the impact of current confidentiality rules. Am. J. Public Health 100(3), 407–412 (2010)

    Article  Google Scholar 

  38. Willison, R., Warkentin, M.: Beyond deterrence: an expanded view of employee computer abuse. MIS Q. 37(1), 1–20 (2013)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computing Science, University of Glasgow, Glasgow, UK

    Saad Altamimi & Timothy Storer

  2. School of Design and Informatics, University of Abertay, Dundee, UK

    Karen Renaud

  3. University of South Africa, Pretoria, South Africa

    Karen Renaud

Authors
  1. Saad Altamimi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Karen Renaud
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Timothy Storer
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Saad Altamimi , Karen Renaud or Timothy Storer .

Editor information

Editors and Affiliations

  1. ReDCAD, University of Sfax, Sfax, Tunisia

    Slim Kallel

  2. IMT Atlantique, Lab-STICC, Université Bretagne Loire, Rennes, France

    Frédéric Cuppens

  3. IMT Atlantique, Lab-STICC, Université Bretagne Loire, Rennes, France

    Nora Cuppens-Boulahia

  4. ReDCAD, University of Sfax, Sfax, Tunisia

    Ahmed Hadj Kacem

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Altamimi, S., Renaud, K., Storer, T. (2020). “I do it because they do it”: Social-Neutralisation in Information Security Practices of Saudi Medical Interns. In: Kallel, S., Cuppens, F., Cuppens-Boulahia, N., Hadj Kacem, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2019. Lecture Notes in Computer Science(), vol 12026. Springer, Cham. https://doi.org/10.1007/978-3-030-41568-6_15

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-41568-6_15

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41567-9

  • Online ISBN: 978-3-030-41568-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation