Do it OR ELSE! Exploring the Effectiveness of Deterrence on Employee Compliance with Information Security Policies
ثبت نشده
چکیده
Organizations have long relied upon the threat of sanctions to influence employees to follow information security policies. Unfortunately, the belief in the power of deterrence has provided mixed results in both research and in real life. This study explored the impact of sanction effects in an organization with a robust information security program. Findings indicate an employee’s perceived sanction severity has a significant impact on their intent to follow ISP guidelines while their perceived certainty of sanction imposition does not, both of which support previous research. However, this paper was unique in that it addressed the impact of punishment experiences on sanction effects and found, somewhat counterintuitively, that those with personal or vicarious punishment experiences were less likely to be influenced by the deterrent effects of sanctions.
منابع مشابه
Protection motivation and deterrence: a framework for security policy compliance in organisations
Received: 21 February 2008 Revised: 15 August 2008 2nd Revision: 31 January 2009 Accepted: 23 February 2009 Abstract Enterprises establish computer security policies to ensure the security of information resources; however, if employees and end-users of organisational information systems (IS) are not keen or are unwilling to follow security policies, then these efforts are in vain. Our study is...
متن کاملWhich Factors Explain Employees' Adherence to Information Security Policies? An Empirical Study
It is widely agreed that a key threat to information security is caused by careless employees who do not adhere to the information security policies of their organizations. In order to ensure that employees comply with the organization’s information security procedures, a number of information security policy compliance measures have been proposed in the past. Prior research has, however, criti...
متن کاملEmployees' Adherence to Information Security Policies: An Empirical Study
The key threat to information security is constituted by careless employees who do not comply with information security policies. To ensure that employees comply with organizations’ information security procedures, a number of information security policy compliance measures have been proposed in the past. Prior research has criticized these measures as lacking theoretically and empirically grou...
متن کاملUnderstanding Organization Employee's Information Security Omission Behavior: an Integrated Model of Social norm and Deterrence
Employee`s information security behavior is critical to ensure the security of organization`s information assets. Countermeasures, such as information security policies, are helpful to reduce computer abuse and information systems misuse. However, employees in practice tend to engage in these violation behaviors, although they know policies and countermeasures. Undoubtedly, these omission behav...
متن کاملExploring the Type of Relationship between Information Security Management and Organizational Culture (Case Study in TAM Iran Khodro Co.)
A culture conducive to information security practice is extremely important for organizations since information has to be critical assets in modern enterprises. Thus for understanding and improving the organizational behavior with regard to information security, enterprises may look into organizational culture and examine how it affects the effectiveness of implementing ISM. This study aims ...
متن کامل