Information Security Policies Compliance: The Role of Organizational Punishment
نویسندگان
چکیده
It has been argued that organizational punishment serves as a deterrent to unwanted employee behavior but there is no clear consensus on the influence of punitive actions on employees’ behavior to comply with information security policies. This study proposes a model that explains the influence of organizational punishment on employees’ cognitive beliefs and their intention to comply with information security policies. We argue that likelihood of punishment impacts employees’ cognitive beliefs that in turn affect their information security compliance behavior. This study uses the theory of planned behavior as a support for its propositions and contributes to the body of knowledge in the IS security stream by addressing a significant gap in the current literature. This is a work in progress and we plan to present results of the empirical study at the conference.
منابع مشابه
Do it OR ELSE! Exploring the Effectiveness of Deterrence on Employee Compliance with Information Security Policies
Organizations have long relied upon the threat of sanctions to influence employees to follow information security policies. Unfortunately, the belief in the power of deterrence has provided mixed results in both research and in real life. This study explored the impact of sanction effects in an organization with a robust information security program. Findings indicate an employee’s perceived sa...
متن کاملUnderstanding Information Security Compliance - Why Goal Setting and Rewards Might be a Bad Idea
Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion ...
متن کاملSeeing the forest and the trees: A meta-analysis of information security policy compliance literature
A rich stream of research has identified numerous antecedents to employee compliance with information security policies. However, the breadth of this literature and inconsistencies in the reported findings warrants a more in-depth analysis. Drawing on 25 quantitative studies focusing on security policy compliance, we classified 105 independent variables into 17 distinct categories. We conducted...
متن کاملEncouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness
a r t i c l e i n f o Keywords: Principal agent theory Information security End-user security behaviors Security policy compliance Secure management of information systems is crucially important in information intensive organizations. Although most organizations have long been using security technologies, it is well known that technology tools alone are not sufficient. Thus, the area of end-use...
متن کاملInformation Security Governance: When Compliance Becomes More Important than Security
Current security governance is often based on a centralized decision making model and still uses an ineffective 20th century risk management approach to security. This approach is relatively simple to manage since it needs almost no security governance below the top enterprise level where most decisions are made. However, while there is a role for more corporate governance, new regulations, and...
متن کامل