Title :
A Composite Framework for Behavioral Compliance with Information Security Policies
Author :
Aurigemma, Salvatore ; Panko, Raymond
Abstract :
To combat potential security threats, organizations rely upon information security policies to guide employee actions. Unfortunately, employee violations of such policies are common and costly enough that users are often considered the weakest link in information security. This paper presents a composite theoretical framework for understanding employee behavioral compliance with organizational information security policies. Building off of the theory of planned benefits, a composite model is presented that incorporates the strengths of previous studies while minimizing theoretical gaps present in other behavioral compliance models. In building the framework, related operational constructs are examined and normalized to allow better comparison of past studies and help focus future research efforts.
Keywords :
business data processing; personnel; security of data; social aspects of automation; composite theoretical framework; employee behavioral compliance; employee policy violation; organizational information security policies; security threats; Attitude control; Context; Controllability; Information security; Organizations; Behavioral Intent; Compliance; Framework; Information Security Policy; Theory of Planned Benefits;
Conference_Titel :
System Science (HICSS), 2012 45th Hawaii International Conference on
Conference_Location :
Maui, HI
Print_ISBN :
978-1-4577-1925-7
Electronic_ISBN :
1530-1605
DOI :
10.1109/HICSS.2012.49
