Employees' Behavior towards IS Security Policy Compliance

Authors:
Seppo Pahnila;Mikko Siponen;Adam Mahmood
Affiliations:
University of Oulu, Finland;University of Oulu, Finland;University of Texas at El Paso, USA
Venue:
HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Year:
2007

Citing 0
Cited 14

Security lapses and the omission of information security measures: A threat control model and empirical test

Computers in Human Behavior
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness

Decision Support Systems
Understanding compliance with internet use policy from the perspective of rational choice theory

Decision Support Systems
Metrics for characterizing the form of security policies

The Journal of Strategic Information Systems
Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness

MIS Quarterly
Practicing safe computing: a multimedia empirical examination of home computer user security behavioral intentions

MIS Quarterly
Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model

Journal of Management Information Systems
Motivating IS security compliance: Insights from Habit and Protection Motivation Theory

Information and Management
A Value Sensitive Design Investigation of Privacy Enhancing Tools in Web Browsers

Decision Support Systems
Modifying smartphone user locking behavior

Proceedings of the Ninth Symposium on Usable Privacy and Security
A Composite Framework for Behavioral Compliance with Information Security Policies

Journal of Organizational and End User Computing
A Composite Framework for Behavioral Compliance with Information Security Policies

Journal of Organizational and End User Computing
Fuzzy Assessment of Health Information System Users' Security Awareness

Journal of Medical Systems
Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition

Information and Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

The literature agrees that the major threat to IS security is constituted by careless employees who do not comply with organizations' IS security policies and procedures. To address this concern , different approaches for ensuring employees' IS security policy compliance have been proposed. Prior research on IS security compliance has criticized these extant IS security awareness approaches as lacking theoretically and empirically grounded principles to ensure that employees comply with IS security policies. To fill this gap, this study proposes a theoretical model that contains the factors that explain employees' IS security policy compliance. Data (N=245) from a Finnish company provides empirical support for the model. The results suggest tha t information quality has a significant effect on actual IS security policy compliance. Employees' attitude, normative beliefs and habits have significant effect on intention to comply with IS security policy. Threat appraisa l a nd facilitating conditions have significant impact on attitude towards complying, while coping appraisal does not have a significant effect on employees' attitude towards complying. Sanctions have insignificant effect on intention to comply with IS security policy a nd rewards do not have a significant effect on actual compliance with IS security policy.