Search results for "Information security standards"

showing 2 items of 2 documents

IS Security Policy Violations

2012

Employee violations of IS security policies are reported as a key concern for organizations. Although behavioral research on IS security has received increasing attention from IS scholars, little empirical research has examined this problem. To address this research gap, the authors test a model based on Rational Choice Theory (RCT), a prominent criminological theory not yet applied in IS, which explains, in terms of a utilitarian calculation, an individual's decision to commit a violation. Empirical results show that the effects of informal sanctions, moral beliefs, and perceived benefits convincingly explain employee IS security policy violations, while the effect of formal sanctions is insig…

IS security policies; Critical security studies; Strategy and Management; Rational choice theory; IS security compliance; Commit; deterrence theory; Computer Science Applications; Test (assessment); IS security; Human-Computer Interaction; Empirical research; Information security standards; rational choice theory; Economics; Is security; Sanctions; Positive economics; Social psychology

Journal of Organizational and End User Computing

Employees’ adherence to information security policies: An exploratory field study

2014

The key threat to information security comes from employees who do not comply with information security policies. We developed a new multi-theory based model that explained employees' adherence to security policies. The paradigm combines elements from the Protection Motivation Theory, the Theory of Reasoned Action, and the Cognitive Evaluation Theory. We validated the model by using a sample of 669 responses from four corporations in Finland. The SEM-based results showed that perceived severity of potential information security threats, employees' belief as to whether they can apply and adhere to information security policies, perceived vulnerability to potential security threats, employees…

ta113; Cognitive evaluation theory; Information Systems and Management; business.industry; Information security; Public relations; Security policy; Management Information Systems; Threat; Theory of reasoned action; Information security management; Information security standards; Security management; Business; Marketing; Information Systems

Information & Management