Internalization of Information Security Policy and Information Security Practice: A Comparison with Compliance
Date
2018-01-03
Authors
Contributor
Advisor
Department
Instructor
Depositor
Speaker
Researcher
Consultant
Interviewer
Narrator
Transcriber
Annotator
Journal Title
Journal ISSN
Volume Title
Publisher
Volume
Number/Issue
Starting Page
Ending Page
Alternative Title
Abstract
Most recent information security incidents have been caused by employees’ poor managements rather than technology defects. Accordingly, organizations try to improve their information security by demanding that employees conform to information security policies. Previous studies examined the effect of organization’s enforcement-based systems, using penalties and rewards, on employees’ comply with information security policies. It found there is a lack of autonomy and sustainability if conformity depended on external environmental factors. To confirm, following social influence theory, that employees’ information security practices can be better performed if they go beyond compliance and are internalized, we developed an instrument that measures employees’ attitudes on information security policies and conducted a pilot test. The results show that information security practices are performed better by the higher internalization group than by the compliance group, proving the greater effectiveness of internalization in improving both employees’ and organizations’ information security.
Description
Keywords
Information Security and Privacy, compliance, information security practice behavior, information security policy, internalization, social influence theory
Citation
Extent
9 pages
Format
Geographic Location
Time Period
Related To
Proceedings of the 51st Hawaii International Conference on System Sciences
Related To (URI)
Table of Contents
Rights
Attribution-NonCommercial-NoDerivatives 4.0 International
Rights Holder
Local Contexts
Collections
Email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.