The organizational Relationship between Compliance and Information Security

Maurizio Cavallari

Research output: Contribution to journalArticlepeer-review

Abstract

Organizations continually experience losses, financial and otherwise, due to non-compliant behav- iour (Stanton et al., 2005). As managers must balance the task of motivating employees to comply, without imposing counter-productive forms of punishment for non-compliant behaviour, executing leadership in agreement with IT security policy and compliance is emerging as a challenge (D’Arcy et al., 2009). Information system security is an essential feature in most organizations today and compliance is one method of gaining visibility for processes and controls that ensure digital security, the orga- nizational aspect of which being explicit in the Information Security Plan (ISP). The purpose of this paper is to investigate the perceptions and beliefs held by employees and managers regarding compliance with their company’s ISP, by means of the identification of a set of constructs based on workplace culture, personal attitudes and the players (actors) involved. Fifteen variables have been used to build the constructs and this research, an empirical investigation of a set of 7 hypotheses, has been conducted by means of a questionnaire and presents the confirmation of these hypotheses, along with other significant findings, as its conclusions.
Original languageEnglish
Pages (from-to)63-76
Number of pages14
JournalINTERNATIONAL JOURNAL OF THE ACADEMIC BUSINESS WORLD
Volume5
Publication statusPublished - 2011
Externally publishedYes

Keywords

  • ISS
  • analysis
  • compliance
  • empirical
  • information systems security
  • organisation

Fingerprint

Dive into the research topics of 'The organizational Relationship between Compliance and Information Security'. Together they form a unique fingerprint.

Cite this