Towards Understanding Deterrence: Information Security Managers' Perspective
Abstract
The enforcement of information security policy is an important issue in organisations. Previous studies approach policy enforcement using deterrence theory to deal with information security violations and focus on end-users’ awareness. This study investigates deterrence strategy within organisations from the perspective of information security managers. The results primarily reveal that current deterrence strategy has little influence on reducing violations because it is only used as a prevention strategy due to the lack of means of detection. Our study suggests that organisations should shift to detection of violations and identification of violators, and expand the range of sanctions. The research also presents an architecture of information security strategies to be operated in a coordinated manner for use in deterring security violations.
Similar resources
Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition
This study investigated employees’ information systems security policy (ISSP) compliance behavioural intentions in organisations from the theoretical lenses of social bonding, social influence, and cognitive processing. Given that previous research on ISSP compliance has been based on deterrence theory, this study seeks to augment and diversify research on ISSP compliance through its theoretica...
Coping with Information Security Breaches from Inside: A Strategic Approach
This study looks into the employment of deterrence to reduce security breaches within organisations. The result reveals that current deterrence is less influential. This study suggests that organisations should shift towards the detection of violations and the identification of perpetrators. The research also presents a conceptual architecture of multiple strategies. Keywords— Information Secur...
Understanding Organization Employee's Information Security Omission Behavior: an Integrated Model of Social norm and Deterrence
Employee's information security behavior is critical to ensure the security of organization's information assets. Countermeasures, such as information security policies, are helpful to reduce computer abuse and information systems misuse. However, employees in practice tend to engage in these violation behaviors, although they know policies and countermeasures. Undoubtedly, these omission behav...
Anger or Fear? Effects of Discrete Emotions on Deviant Security Behavior
Deterrence theory has received considerable attention in recent years. However, scholars have begun to call for research beyond the deterrence approach on security behaviors, and argue that the theory of emotion should not be omitted from information systems security decision making [15, 81]. In this research, we examine and distinguish effects of anger and fear on perceived costs of sanctions ...
Understanding Transition towards Information Security Culture Change
Transitioning towards an information security culture for organisations has not been adequately explored in the current security and management literature. Many authors have proposed how information security culture can be created, fostered and managed within organisations, but have failed to adequately address the transition process towards information security culture change, particularly for...
Publication date: 2011