2017
DOI: 10.1108/oir-11-2015-0358

Why not comply with information security? An empirical approach for the causes of non-compliance

Abstract: Purpose: The purpose of this paper is to empirically investigate the negative causal relationships between organizational security factors (security systems, security education, and security visibility) and individual non-compliance causes (work impediment, security system anxiety, and non-compliance behaviors of peers), which have negative influences on compliance intention. Design/methodology/approach: Based on literature review, the authors propose a research model together with hypotheses. The survey quest…

Citations: Cited by 71 publications (75 citation statements)
References: References 52 publications (82 reference statements)
“…It is widely accepted that security incidents related to human perpetrators from internal sources are the most difficult to prevent (Hwang et al, 2017) and not an easy task (McLeod and Dolezel, 2018). A fundamental challenge in complex sociotechnical systems is that of relying upon humans to achieve reliable operations (Kyriakidis et al, 2018) and it is difficult to integrate the human factor into a plan-do-check-act cycle of an effective Information Security Management System (ISMS) (Frangopoulos, Eloff and Venter, 2014).…”
Section: Related Work (mentioning)
confidence: 99%
“…1 Regarding TPB, although its core relationships have been established for ISP compliance, the conceptualisation of its normative-influence component in this context provides a basis for additional inquiry. Descriptive norms would seem particularly germane to ISP compliance given the evidence that employees establish security routines based on the activities of their co-workers (Hwang, Kim, Kim, & Kim, 2017). Yet the TPB literature (Ajzen, 1991; Ajzen & Fishbein, 2005) offers an expanded view of normative influences that includes both subjective and descriptive norms.…”
Section: Relevant Literature (mentioning)
confidence: 99%
“…Accounting for both subjective and descriptive norms appears particularly germane to ISP compliance, because this behaviour is often viewed by employees as onerous (D'Arcy et al, 2014; Posey et al, 2014; Puhakainen & Siponen, 2010). Indeed, there is evidence that employees establish security routines based on the activities of their co-workers (Hwang et al, 2017).…”
Section: Normative Influences (mentioning)
confidence: 99%