Abstract
Violation of Information Systems (IS) security policies continue to generate great
anxiety amongst many organizations that use information systems, partly because
these violations are carried out by internal employees. This article addresses IS security
policy violations in organizational settings, conceptualizes and problematizes
IS security violations by employees of organizations from a paradox perspective. Background The paradox is that internal employees are increasingly being perceived as more
of a threat to the security of organizational systems than outsiders. The notion of
paradox is exemplified in four organizational contexts of; belonging paradox,
learning paradox, organizing paradox and performing paradox. Methodology A qualitative conceptual framework exemplifying how IS security violations occur
as paradoxes in context to these four areas is presented at the end of this article.
Contribution The article contributes to IS security management practice and suggests how IS
security managers should be positioned to understand violations in light of this
paradox perspective. Findings The employee generally in the process of carrying out ordinary activities using
computing technology exemplifies unique tensions (or paradoxes in belonging,
learning, organizing and performing) and these tensions would generally tend to
lead to policy violations when an imbalance occurs.