Internalization of information security policy and information security practice: A comparison with compliance

Minjung Park, Sangmi Chai

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

6 Scopus citations

Abstract

Most recent information security incidents have been caused by employees’ poor managements rather than technology defects. Accordingly, organizations try to improve their information security by demanding that employees conform to information security policies. Previous studies examined the effect of organization’s enforcement-based systems, using penalties and rewards, on employees’ comply with information security policies. It found there is a lack of autonomy and sustainability if conformity depended on external environmental factors. To confirm, following social influence theory, that employees’ information security practices can be better performed if they go beyond compliance and are internalized, we developed an instrument that measures employees’ attitudes on information security policies and conducted a pilot test. The results show that information security practices are performed better by the higher internalization group than by the compliance group, proving the greater effectiveness of internalization in improving both employees’ and organizations’ information security.

Original languageEnglish
Title of host publicationProceedings of the 51st Annual Hawaii International Conference on System Sciences, HICSS 2018
EditorsTung X. Bui
PublisherIEEE Computer Society
Pages4723-4731
Number of pages9
ISBN (Electronic)9780998133119
StatePublished - 2018
Event51st Annual Hawaii International Conference on System Sciences, HICSS 2018 - Big Island, United States
Duration: 2 Jan 20186 Jan 2018

Publication series

NameProceedings of the Annual Hawaii International Conference on System Sciences
Volume2018-January
ISSN (Print)1530-1605

Conference

Conference51st Annual Hawaii International Conference on System Sciences, HICSS 2018
Country/TerritoryUnited States
CityBig Island
Period2/01/186/01/18

Bibliographical note

Publisher Copyright:
© 2018 IEEE Computer Society. All rights reserved.

Fingerprint

Dive into the research topics of 'Internalization of information security policy and information security practice: A comparison with compliance'. Together they form a unique fingerprint.

Cite this