Variables influencing information security policy compliance

Sommestad, Teodor; Hallberg, Jonas; Lundholm, Kristoffer; Bengtsson, Johan

doi:10.1108/imcs-08-2012-0045

Cited by 166 publications

(149 citation statements)

References 38 publications

Supporting

Mentioning

131

Contrasting

Order By: Relevance

“…Communicating the certainty and severity of sanctions for security non-compliance has been considered as an effective management strategy to prevent security non-compliance. However, inconsistent findings of the impact of sanctions have been reported (Sommestad et al 2014). For example, fear of penalties for noncompliance has been found to have a significant impact on security behaviour Rao 2009a, Kankanhalli et al 2003).…”

Section: Factor 3: Formal Security Compliance Evaluationmentioning

confidence: 95%

“…These theories have been found to affect security compliance to some extent in the aggregate. However, most quantitative studies did not examine whether average end-users and security experts/managers complied differently (Sommestad et al 2014). In this case aggregate data cannot adequately inform management decision making because the aggregate user is a nonexistent artefact of statistics, such as is derived when gender results are averaged to produce a mean that is neither male nor female.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Earlier quantitative studies often employed well-founded behavioural theories to explain security compliance (Sommestad et al 2014). Behavioural theories are widely applied to the information security context.…”

Section: Literature Reviewmentioning

confidence: 99%

“…There have also been inconsistent results regarding the effect of rewards on compliance. Rewards were not considered a good predictor of intention to comply (Sommestad et al 2014). For instance, Bulgurcu et al (2010) found rewards, as a part of compliance's benefits, could influence employees' intention to comply.…”

Section: Factor 3: Formal Security Compliance Evaluationmentioning

confidence: 99%

“…Security compliance researchers have conducted quantitative studies to evaluate the impact of specified factors on compliance (Crossler et al 2013, Sommestad et al 2014. However, there has been a paucity of qualitative studies designed to increase understanding of how users experience security-related issues.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Information Security and People: A Conundrum for Compliance

Pham

Dang-Pham

Brennan

et al. 2017

AJIS

View full text Add to dashboard Cite

This evaluation of end-users and IT experts/managers' attitudes towards performing IT security tasks indicates important differences between their perspectives on what is and is not necessary to establish a secure corporate IT environment. Through a series of case studies, this research illustrates that making it easier for end-users to comply does not necessarily equate to enhanced implementation of security measures. End-users want to be autonomous, competent, self-motivated and active participants in the development of secure environments. However, managers and experts want to limit autonomy to ensure that procedures are followed closely, rather than permitting flexibility. This results in the creation of environments that are intrinsically de-motivating rather than motivating end-users to become self-determined and self-regulating co-creators of a secure IT environment. The paper also discusses alternative approaches to developing a human system that works for end-users and experts.

show abstract

Section: Factor 3: Formal Security Compliance Evaluationmentioning

confidence: 95%

Section: Literature Reviewmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

Section: Factor 3: Formal Security Compliance Evaluationmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Information Security and People: A Conundrum for Compliance

Pham

Dang-Pham

Brennan

et al. 2017

AJIS

View full text Add to dashboard Cite

show abstract

Technology's Influence on White‐Collar Offending, Reporting, and Investigation

Holt¹,

Kennedy²

2019

The Handbook of White‐Collar Crime

View full text Add to dashboard Cite

Factors that Influence Workers’ Participation in Unhygienic Cyber Practices: A Pilot Study from Nigeria

Ifinedo

Mengesha

Longe

2019

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Participation or engagement in unhygienic cyber practices could ultimately harm an organization's information and communication technologies, if unchecked. This present study used concepts from the theory of planned behavior and organizational control theory to examine the effects of factors such as attitude, subjective norms, organizational facilitators, monitoring, and self-efficacy on workers' participation in unhygienic cyber practices. A cross-sectional survey of Nigerian professionals was used to test the formulated hypotheses. Partial least squares technique of structural equation modeling (SEM) was used for data analysis. The results indicate that attitude toward cyber hygiene has a negative effect on worker's participation in unhygienic cyber practices; similarly, subjective norms have a negative effect on engagement in such acts. The data did not show that organizational facilitators, self-efficacy, and monitoring had a meaningful impact on Nigerian workers' participation in unhygienic cyber practices. Implications of the study were discussed and contribution to the extant literature noted.

show abstract

Variables influencing information security policy compliance

Cited by 166 publications

References 38 publications

Information Security and People: A Conundrum for Compliance

Information Security and People: A Conundrum for Compliance

Technology's Influence on White‐Collar Offending, Reporting, and Investigation

Factors that Influence Workers’ Participation in Unhygienic Cyber Practices: A Pilot Study from Nigeria

Contact Info

Product

Resources

About