skip to main content
Idioma:
Primo Search
Clear Search Box
Search in: Busca Geral
Busca Avançada
Busca por Índices

Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness

Bulgurcu, Burcu ; Cavusoglu, Hasan ; Benbasat, Izak

MIS quarterly, 2010, Vol.34 (3), p.523-548 [Periódico revisado por pares]

Minneapolis: Management Information Systems Research Center, University of Minnesota

Texto completo disponível

Citações Citado por
  • Título:
    Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness
  • Autor: Bulgurcu, Burcu ; Cavusoglu, Hasan ; Benbasat, Izak
  • Assuntos: Attitudes ; Compliance ; Compliance costs ; Cybersecurity ; Data integrity ; Data security ; Employee attitude ; Employee motivation ; Guideline adherence ; Information resources ; Information storage and retrieval systems ; Information technology ; Internet service providers ; Personnel policies ; Security management ; Self efficacy ; Special Issue: Information Systems Security ; Studies
  • É parte de: MIS quarterly, 2010, Vol.34 (3), p.523-548
  • Descrição: Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. Since employees who comply with the information security rules and regulations of the organization are the key to strengthening information security, understanding compliance behavior is crucial for organizations that want to leverage their human capital. This research identifies the antecedents of employee compliance with the information security policy (ISP) of an organization. Specifically, we investigate the rationality-based factors that drive an employee to comply with requirements of the ISP with regard to protecting the organization's information and technology resources. Drawing on the theory of planned behavior, we posit that, along with normative belief and self-efficacy, an employee's attitude toward compliance determines intention to comply with the ISP. As a key contribution, we posit that an employee's attitude is influenced by benefit of compliance, cost of compliance, and cost of noncompliance, which are beliefs about the overall assessment of consequences of compliance or noncompliance. We then postulate that these beliefs are shaped by the employee's outcome beliefs concerning the events that follow compliance or noncompliance: benefit of compliance is shaped by intrinsic benefit, safety of resources, and rewards, while cost of compliance is shaped by work impediment; and cost of noncompliance is shaped by intrinsic cost, vulnerability of resources, and sanctions. We also investigate the impact of information security awareness (ISA) on outcome beliefs and an employee's attitude toward compliance with the ISP. Our results show that an employee's intention to comply with the ISP is significantly influenced by attitude, normative beliefs, and self-efficacy to comply. Outcome beliefs significantly affect beliefs about overall assessment of consequences, and they, in turn, significantly affect an employee's attitude. Furthermore, ISA positively affects both attitude and outcome beliefs. As the importance of employees' following their organizations' information security rules and regulations increases, our study sheds light on the role of ISA and compliance-related beliefs in an organization's efforts to encourage compliance.
  • Editor: Minneapolis: Management Information Systems Research Center, University of Minnesota
  • Idioma: Inglês
Voltar para lista de resultados

  • Realização: ABCD-USP USP   Logos de Redes Sociais: Freepik

Buscando em bases de dados remotas. Favor aguardar.