TY - JOUR
T1 - The organizational Relationship between Compliance and Information Security
AU - Cavallari, Maurizio
PY - 2011
Y1 - 2011
N2 - Organizations continually experience losses, financial and otherwise, due to non-compliant behav- iour (Stanton et al., 2005). As managers must balance the task of motivating employees to comply, without imposing counter-productive forms of punishment for non-compliant behaviour, executing leadership in agreement with IT security policy and compliance is emerging as a challenge (D’Arcy et al., 2009).
Information system security is an essential feature in most organizations today and compliance is one method of gaining visibility for processes and controls that ensure digital security, the orga- nizational aspect of which being explicit in the Information Security Plan (ISP). The purpose of this paper is to investigate the perceptions and beliefs held by employees and managers regarding compliance with their company’s ISP, by means of the identification of a set of constructs based on workplace culture, personal attitudes and the players (actors) involved. Fifteen variables have been used to build the constructs and this research, an empirical investigation of a set of 7 hypotheses, has been conducted by means of a questionnaire and presents the confirmation of these hypotheses, along with other significant findings, as its conclusions.
AB - Organizations continually experience losses, financial and otherwise, due to non-compliant behav- iour (Stanton et al., 2005). As managers must balance the task of motivating employees to comply, without imposing counter-productive forms of punishment for non-compliant behaviour, executing leadership in agreement with IT security policy and compliance is emerging as a challenge (D’Arcy et al., 2009).
Information system security is an essential feature in most organizations today and compliance is one method of gaining visibility for processes and controls that ensure digital security, the orga- nizational aspect of which being explicit in the Information Security Plan (ISP). The purpose of this paper is to investigate the perceptions and beliefs held by employees and managers regarding compliance with their company’s ISP, by means of the identification of a set of constructs based on workplace culture, personal attitudes and the players (actors) involved. Fifteen variables have been used to build the constructs and this research, an empirical investigation of a set of 7 hypotheses, has been conducted by means of a questionnaire and presents the confirmation of these hypotheses, along with other significant findings, as its conclusions.
KW - ISS
KW - analysis
KW - compliance
KW - empirical
KW - information systems security
KW - organisation
KW - ISS
KW - analysis
KW - compliance
KW - empirical
KW - information systems security
KW - organisation
UR - http://hdl.handle.net/10807/21600
UR - https://www.jwpress.com/journals/ijabw/backissues/ijabw-fall-2011.pdf
M3 - Article
SN - 1942-6089
VL - 5
SP - 63
EP - 76
JO - INTERNATIONAL JOURNAL OF THE ACADEMIC BUSINESS WORLD
JF - INTERNATIONAL JOURNAL OF THE ACADEMIC BUSINESS WORLD
ER -