Different from classification and taxonomy, typology meets the criteria of a theory and is a unique form of theory building. Typology is a good first step in exploring a research topic, and, therefore, we are concerned with building typological theories for underdeveloped topics with limited studies. We propose a four-step approach involving content analysis, multidimensional scaling, judgmental analysis, and empirical testing to guide researchers in developing typological theories in their domains of interest using a quantitative approach that rides on empirical methods and industry wisdom. Previous research in information security has paid little attention to employees’ deviant behavior in the workplace. We, therefore, built a typology of information security deviant behavior as an example to illustrate the theory development process. We discuss the theoretical, methodological, and practical implications of this study
