Information Systems Security Policy Compliance: An Analysis of Management Employee Interpersonal Relationship and the Impact on Deterrence

Michael Warah Nsoh (Corpus Christi Army Depot, Corpus Christi, TX, USA), Kathleen Hargiss (Independent Researcher, Bradenton, FL, USA) and Caroline Howard (HC Consulting, Oceanside, CA, USA)
DOI: 10.4018/IJSITA.2015040102


The article describes research conducted to assess and address some key security issues surrounding the use of information technology from an employee behavioral standpoint. The aim of the study was to determine additional security measures to reduce security incidents and maximize effective use of information systems. The research is an extension of several recent empirical studies in information systems security policy behavioral compliance, which have generally found people to be a weak link in information security. A mix of theoretical frameworks resulted in a model based on the Theory of Planned Behavior (TPB), which was used to test the impact that the management and employee relationship has on deterrence. Results indicate that management has a significant stake in influencing the behavior of their employees, and that the issue of employee disgruntlement is nevertheless not paramount among top management's information systems security challenges.
Article Preview

1. Introduction

Information Technology is a vital apparatus for strategic business planning and competitive advantage; it inherently has the potential to facilitate and expedite business processes at unprecedented levels. The wide adoption of information technology to conduct ordinary business activities has also been an attractive avenue for criminal ideations, resulting in critical security concerns. In order to mitigate possible factors that can impede information security, private and public organizations are predisposed to three categories of security countermeasures: technologies, administrative procedures, and education, awareness and training programs (Chaundhry, Chaundhry, & Reese, 2012; Whitman & Mattord, 2009). A preponderance of articles in the research community continues to emphasize the point that the lack of adherence or conformance to information security policies on the part of employees, whether deliberate or inadvertent, is of paramount concern (Ifinedo, 2012; Myyry, Siponen, Pahnila, Vartiainen, & Vance, 2009). These facts have led to the conclusion that internal users of information systems in organizations constitute the weakest link in the defense of information security. The focus of this study is on internal threats and their associated motivators and consequences, using the theory of planned behavior, which is elaborated upon in greater detail in the following paragraphs.

The adoption of Information Technology to conduct daily business operations is a strategic effort that can yield competitive advantage and high returns on investment (Evans, 2011). This outcome undoubtedly cannot be achieved without severe security commitments, primarily on the part of top management and secondarily on the part of users of information systems, who are the primary custodians of sensitive and confidential information by virtue of their service to the organization and customers alike. Achieving a high level of employee commitment to the security of information systems requires an elevated sense of situational awareness and attention to specific security eventualities (Hu, Dinev, & Hart, 2012; Siponen, Mahmood, & Pahnila, 2009; Whitman, 2003). The focus of information security is increasingly on the role of people and compliance, as people often constitute the greatest threat due to poor unintentional and intentional choices resulting from motivating factors that could infringe on their ability to make rational choices (Hu, Xu, Dinev, & Ling, 2011; Pahnila, Siponen, & Mahmood, 2007). Information Security has always been a cause for concern for business organizations and their stakeholders alike because of the devastating and humiliating consequences that security incidents can pose to the Confidentiality, Integrity and Availability (CIA) of organizational information.
