Academic
Publications
Employees' Behavior towards IS Security Policy Compliance

Employees' Behavior towards IS Security Policy Compliance,10.1109/HICSS.2007.206,Seppo Pahnila,Mikko T. Siponen,Adam Mahmood

Employees' Behavior towards IS Security Policy Compliance   (Citations: 15)
BibTex | RIS | RefWorks Download
Abstract The literature agrees ,that the major ,threat ,to IS security is constituted ,by careless ,employees ,who ,do not,comply ,with ,organizations’ ,IS security ,policies and procedures. To address this concern , different approaches,for ensuring,employees’,IS security policy compliance have been proposed. Prior research,on IS security,compliance ,has ,criticized these ,extant ,IS security,awareness ,approaches ,as lacking theoretically,and ,empirically,grounded ,principles ,to ensure,that ,employees ,comply ,with ,IS security policies. To fill this gap, this study proposes a theoretical,model ,that ,contains ,the ,factors ,that explain,employees’ ,IS security,policy,compliance. Data,(N= 245) from ,a Finnish ,company ,provides empirical,support,for the model. The results suggest tha t information ,quality,has,a significant ,effect on actual,IS security ,policy,compliance.,Employees’ attitude, normative beliefs and habits ha ve significant effect onintention ,toc omply,with IS security policy. Threat,appraisa l,a n d f acilitating ,conditions ,have significant impact on attitude towards complying, while coping ,appraisal ,does ,not have ,a significant effect on employees’ ,attitude towards ,complying. Sanctions,have ,insignificant ,effect on ,intention ,to comply,with ,IS security policy,a nd rewards,do n ot have,a s ignificant,effect on actual compliance,with IS
Cumulative Annual
View Publication
The following links allow you to view full publications. These links are maintained by other sources not affiliated with Microsoft Academic Search.
    • ...2007), and this applies to all policies, not specifically to email acceptable use policies (Thorne 1998)...

    Judith Ramsayet al. Using insights from email users to inform organisational email managem...

    • ...2007), and this applies to all policies, not specifically to email acceptable use policies (Thorne 1998)...

    Judith Ramsayet al. Using insights from email users to inform organisational email managem...

    • ...explain security technology adoption [19-21]...
    • ...Others attempted to empirically examine employees’ IS security policy compliance [21, 22]...

    Arthur Jung-Ting Chang. Understanding organizational information security usage from the risky...

    • ...Policies, especially those involving information security, are viewed as mere guidelines [33] or general directionsto follow rather than “hardandfast rules”that are specified as standards[47,60].Duetotherelativelydiscretionarynatureofadherence to these policies, organizations find enforcement of security a critical challenge...
    • ...Thus more recently, research in behavioral information security has started focusing attention to employee intentions to follow security policies [14,47]...
    • ...Pahnila et al. [47] Role of threat appraisal, facilitating conditions, and...
    • ...Recognizing the important role of information security policy compliance in achieving information security objectives in organizations, researchers have initiated studies on policy compliance intentions [14,47] .I n our study, the items for policy compliance intention were adapted from a security-related study by Anderson [5] on security behaviors in home computeruse.Recentstudiesconsideringthesecuritypolicycompliance [14,47] also gave us ...
    • ...Recognizing the important role of information security policy compliance in achieving information security objectives in organizations, researchers have initiated studies on policy compliance intentions [14,47] .I n our study, the items for policy compliance intention were adapted from a security-related study by Anderson [5] on security behaviors in home computeruse.Recentstudiesconsideringthesecuritypolicycompliance [14,47] also gave us ...
    • ...In a more recent study on information security by Pahnilla et al. [47]similarly found that sanctions did not significantly affect employee intentions to comply with security policies...

    Tejaswini Herathet al. Encouraging information security behaviors in organizations: Role of p...

Sort by: