Employees’ non-compliance with information security policies constitutes a significant information security threat to the organization's operations. It is es-timated that half of the information security violations or breaches are caused by employees, either intentionally or unintentionally. By researching how em-ployees explain their security violations, explanatory or predictive reasons of non-compliance with information security policies can be revealed. Previous studies have suggested that intentions of information security violations or in-formation security breaches can be explained by the Neutralization Theory. According to the Neutralization Theory, an individual defends or explains one's behavior that differs from norms or originates from rule-breaking through applying various neutralization techniques. This study discusses employees' experiences and views on the causes of information security violations. With gathered experiences and views of the employees it was made possible to compare if the assumptions of the neutralization theory were correct in the context of the information security and whether the employees justify their information security violations in real life by utilizing neutralization techniques. The study used qualitative research approach. The empirical data of the research was collected through theme interviews. The most notable finding of this study is that the central assumptions of the neutralization theory may not apply to the information security field. Although social order requires some sort of reasoning for why someone is acting improperly or incorrectly, the neutralization techniques may not explain the security violations. The results of this study can be utilized in the development of information security and in enhancing information security awareness. In addition, this study will provide new information to the scientific community and variety of further research topics.