Factors influencing Non-Compliance behavior towards Information Security Policies
نویسندگان
چکیده
IT organizations and CEO‟s are, and should be, concerned these days about the (lack of) data confidentiality and the usage of „shadow‟ IT systems by employees. Not only does the company risk monetary loss or public embarrassment, the senior management might also risk personal fines or even imprisonment. Several trends reinforce the attention for these subjects, including the fact that an increasing number of people perform parts of their work tasks from home (RSA, 2007) and the increasing bandwidth available to internet users which makes them rely on the Internet for satisfying their business and personal computing needs (Desisto et al. 2008). Employee compliance with the existing IT security policies is therefore essential. This paper presents a study on factors that influence non-compliance behavior of employees in organizations. The factors found in literature are tested in a survey study amongst employees of a big-four accountancy firm in the Netherlands and Belgium. The study concludes that stricter IT governance and cultural aspects are the most important factors influencing non-compliance behavior.
منابع مشابه
Understanding Information Security Compliance - Why Goal Setting and Rewards Might be a Bad Idea
Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion ...
متن کاملFactors Influencing SME Compliance with Government Regulation on Use of IT: The Case of South Africa
This study investigated the factors influencing SME compliance with regulation on use of IT in South Africa. The researcher argues that these consist of a combination of business, industry, economic, technological, sociological, and psychological factors. The results show that cost of compliance was the main influencing factor and that both rural and urban SMEs make limited effort to develop po...
متن کاملTowards analysing the rationale of information security non-compliance: Devising a Value-Based Compliance analysis method
Employees’ poor compliance with information security policies is a perennial problem. Current information security analysis methods do not allow information security managers to capture the rationalities behind employees’ compliance and non-compliance. To address this shortcoming, this design science research paper suggests: (a) a Value-Based Compliance analysis method and (b) a set of design p...
متن کاملAn Integrative Behavioral Model of Information Security Policy Compliance
The authors found the behavioral factors that influence the organization members' compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members' attitudes towards compliance, as well as normative belief and self-efficacy, were believed to d...
متن کاملInfluence of National Culture on Employees' Compliance with Information Systems Security (ISS) Policies: Towards ISS Culture in Ethiopian Companies
Nowadays, IS security is one of the most basic issues that organizations need to focus on. Despite huge investment made by companies to keep their systems safe, there are many security breaches, often caused by insiders. Most investments in security are for technological solutions; however, they are often insufficient and the literature suggests there is one significant element that has been gi...
متن کامل