TY - GEN
T1 - Internalization of information security policy and information security practice
AU - Park, Minjung
AU - Chai, Sangmi
N1 - Publisher Copyright:
© 2018 IEEE Computer Society. All rights reserved.
PY - 2018
Y1 - 2018
N2 - Most recent information security incidents have been caused by employees’ poor management rather than technology defects. Accordingly, organizations try to improve their information security by demanding that employees conform to information security policies. Previous studies examined the effect of organizations’ enforcement-based systems, using penalties and rewards, on employees’ compliance with information security policies. They found that there is a lack of autonomy and sustainability if conformity depends on external environmental factors. To confirm, following social influence theory, that employees’ information security practices can be better performed if they go beyond compliance and are internalized, we developed an instrument that measures employees’ attitudes toward information security policies and conducted a pilot test. The results show that information security practices are performed better by the higher internalization group than by the compliance group, proving the greater effectiveness of internalization in improving both employees’ and organizations’ information security.
AB - Most recent information security incidents have been caused by employees’ poor management rather than technology defects. Accordingly, organizations try to improve their information security by demanding that employees conform to information security policies. Previous studies examined the effect of organizations’ enforcement-based systems, using penalties and rewards, on employees’ compliance with information security policies. They found that there is a lack of autonomy and sustainability if conformity depends on external environmental factors. To confirm, following social influence theory, that employees’ information security practices can be better performed if they go beyond compliance and are internalized, we developed an instrument that measures employees’ attitudes toward information security policies and conducted a pilot test. The results show that information security practices are performed better by the higher internalization group than by the compliance group, proving the greater effectiveness of internalization in improving both employees’ and organizations’ information security.
UR - http://www.scopus.com/inward/record.url?scp=85078884732&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85078884732
T3 - Proceedings of the Annual Hawaii International Conference on System Sciences
SP - 4723
EP - 4731
BT - Proceedings of the 51st Annual Hawaii International Conference on System Sciences, HICSS 2018
A2 - Bui, Tung X.
PB - IEEE Computer Society
Y2 - 2 January 2018 through 6 January 2018
ER -