Deterrence and punishment experience impacts on ISP compliance attitudes. (9th October 2017)
- Record Type:
- Journal Article
- Title:
- Deterrence and punishment experience impacts on ISP compliance attitudes. (9th October 2017)
- Main Title:
- Deterrence and punishment experience impacts on ISP compliance attitudes
- Authors:
- Aurigemma, Salvatore
Mattson, Thomas
- Abstract:
- Purpose: The paper aims to examine the inconclusive impacts of sanction-related deterrence on employee information security policy (ISP) compliance from the extant literature. It proposes that the disparate findings can be partially explained by two factors: investigating the mediating impact of attitudes on sanction effects instead of directly on behavioral intentions and examining employees with and without previous punishment experiences separately. Design/methodology/approach: The paper relied upon survey data from 239 employees of a large governmental organization with a robust ISP and security education and training awareness program. Findings: The paper provides empirical evidence that the rational estimation of sanction effects impacts the cognitive component of attitudes to develop a positive or negative attitude toward performing the ISP-directed behavior. Furthermore, this attitudinal effect (created by sanction threats) will be biased depending on whether the employee has experienced, personally or vicariously, any previous punishment for violating the ISP. Research limitations/implications: Because of the chosen research approach (self-reported survey data) and context (single hierarchical organization and a very specific security threat), the research results may lack generalizability. Therefore, researchers are encouraged to test the proposed propositions further in different organizational and threat contexts. Practical implications: Organizations should have a thorough understanding of how their employees perceive sanctions in relationship to their prior experiences before implementing such policies. Originality/value: The paper addresses previous research calls for examining possible mediation variables for deterrence effects and impacts of punishment experiences on employee ISP compliance. …
- Is Part Of:
- Information and computer security. Volume 25:Number 4(2017)
- Journal:
- Information and computer security
- Issue:
- Volume 25:Number 4(2017)
- Issue Display:
- Volume 25, Issue 4 (2017)
- Year:
- 2017
- Volume:
- 25
- Issue:
- 4
- Issue Sort Value:
- 2017-0025-0004-0000
- Page Start:
- 421
- Page End:
- 436
- Publication Date:
- 2017-10-09
- Subjects:
- Information security -- Punishment -- Policy compliance -- Sanctions -- Deterrence
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-11-2016-0089
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 4804.xml