Does deterrence work in reducing information security policy abuse by employees?

Abstract: 54 CoMM uniCAT ions of T h e AC M | j uN e 2 0 1 1 | voL . 5 4 | No. 6 practice h acK iNG iN to c o rP o r at e IT systems and individuals' computers is no longer a sport for bragging rights, but a major organized economic activity aiming for significant profits controlled largely by underground networks of criminals and organized crime on a global scale. 2 The financial impact of the computer crimes and related activities is estimated at over one trillion dollars each year worldwide. 17 Unfortunately, despite… Show more

“…[33]. In this study, we use perceived management participation [17] to measure vertical mimetics. However, we posit a different effect of management conduct on employees in Korea than was found in [17].…”

“…In this study, we use perceived management participation [17] to measure vertical mimetics. However, we posit a different effect of management conduct on employees in Korea than was found in [17]. Kim [20: 3] describes the Koreans' legal consciousness as: "Historically, a common sentiment throughout Korea was that to obey the law implied the forfeiture of a reward that could be reaped through lawless or quasi-lawless behavior."…”

“…Research addressing behavioral information security was mostly conducted in the U.S. or Western Europe (e.g., [5], [17], [36], [41]). As businesses globalize and employ people from different cultures, it is imperative that we understand how cultural differences may affect users' security-related behavior.…”

“…For example, several studies adopted a utilitarian approach for deterring misuse behavior (e.g., [10], [41]). This is because many misuse studies are rooted in deterrence theory (e.g., [5], [17]). The key assumption is that behavior is driven by a rational decision process based on costs and benefits of the act to the focal actor.…”

How Espoused Culture Influences Misuse Intention: A Micro-Institutional Theory Perspective

“…[33]. In this study, we use perceived management participation [17] to measure vertical mimetics. However, we posit a different effect of management conduct on employees in Korea than was found in [17].…”

“…In this study, we use perceived management participation [17] to measure vertical mimetics. However, we posit a different effect of management conduct on employees in Korea than was found in [17]. Kim [20: 3] describes the Koreans' legal consciousness as: "Historically, a common sentiment throughout Korea was that to obey the law implied the forfeiture of a reward that could be reaped through lawless or quasi-lawless behavior."…”

“…Research addressing behavioral information security was mostly conducted in the U.S. or Western Europe (e.g., [5], [17], [36], [41]). As businesses globalize and employ people from different cultures, it is imperative that we understand how cultural differences may affect users' security-related behavior.…”

“…For example, several studies adopted a utilitarian approach for deterring misuse behavior (e.g., [10], [41]). This is because many misuse studies are rooted in deterrence theory (e.g., [5], [17]). The key assumption is that behavior is driven by a rational decision process based on costs and benefits of the act to the focal actor.…”

How Espoused Culture Influences Misuse Intention: A Micro-Institutional Theory Perspective

“…The controls of administrative deterrents have been validated as effective in reducing IS [34] and computer abuses (such as software piracy [35,36]) and violation of information security policies [33,37,38]. Wiant [39] also regarded information security policies as deterrent measures, and noted that the effectiveness of information security policy can be maintained when computer abuse incidents and their seriousness are monitored and reported.…”

Leadership of Information Security Manager on the Effectiveness of Information Systems Security for Secure Sustainable Computing

Workplace Cyberdeviance