Organizations continually experience losses, financial and otherwise, due to non-compliant behav- iour (Stanton et al., 2005). As managers must balance the task of motivating employees to comply, without imposing counter-productive forms of punishment for non-compliant behaviour, executing leadership in agreement with IT security policy and compliance is emerging as a challenge (D’Arcy et al., 2009).Information system security is an essential feature in most organizations today and compliance is one method of gaining visibility for processes and controls that ensure digital security, the orga- nizational aspect of which being explicit in the Information Security Plan (ISP). The purpose of this paper is to investigate the perceptions and beliefs held by employees and managers regarding compliance with their company’s ISP, by means of the identification of a set of constructs based on workplace culture, personal attitudes and the players (actors) involved. Fifteen variables have been used to build the constructs and this research, an empirical investigation of a set of 7 hypotheses, has been conducted by means of a questionnaire and presents the confirmation of these hypotheses, along with other significant findings, as its conclusions.

The organizational Relationship between Compliance and Information Security

Cavallari, Maurizio
2011-01-01

Abstract

Organizations continually experience losses, financial and otherwise, due to non-compliant behav- iour (Stanton et al., 2005). As managers must balance the task of motivating employees to comply, without imposing counter-productive forms of punishment for non-compliant behaviour, executing leadership in agreement with IT security policy and compliance is emerging as a challenge (D’Arcy et al., 2009).Information system security is an essential feature in most organizations today and compliance is one method of gaining visibility for processes and controls that ensure digital security, the orga- nizational aspect of which being explicit in the Information Security Plan (ISP). The purpose of this paper is to investigate the perceptions and beliefs held by employees and managers regarding compliance with their company’s ISP, by means of the identification of a set of constructs based on workplace culture, personal attitudes and the players (actors) involved. Fifteen variables have been used to build the constructs and this research, an empirical investigation of a set of 7 hypotheses, has been conducted by means of a questionnaire and presents the confirmation of these hypotheses, along with other significant findings, as its conclusions.
2011
ISS
information systems security
empirical
analysis
compliance
organisation
Systems
Security
Information
File in questo prodotto:
File Dimensione Formato  
IJABW-Fall-2011_Maurizio.pdf

accesso aperto

Licenza: Dominio pubblico
Dimensione 307.08 kB
Formato Adobe PDF
307.08 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14086/2490
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
social impact