Information security policy compliance: a higher education case study. (12th March 2018)
- Record Type:
- Journal Article
- Title:
- Information security policy compliance: a higher education case study. (12th March 2018)
- Main Title:
- Information security policy compliance: a higher education case study
- Authors:
- Alshare, Khaled A.
Lane, Peggy L.
Lane, Michael R.
- Abstract:
- Purpose: The purpose of this case study is to examine the factors that impact higher education employees' violations of information security policy by developing a research model based on grounded theories such as deterrence theory, neutralization theory and justice theory.
Design/methodology/approach: The research model was tested using 195 usable responses. After conducting model validation, the hypotheses were tested using multiple linear regression.
Findings: The results of the study revealed that procedural justice, distributive justice, severity and celerity of sanction, privacy, responsibility and organizational security culture were significant predictors of violations of information security measures. Only interactional justice was not significant.
Research limitations/implications: As with any exploratory case study, this research has limitations such as the self-reported information and the method of measuring the violation of information security measures. The method of measuring information security violations has been a challenge for researchers. Of course, the best method is to capture the actual behavior. Another limitation to this case study which might have affected the results is the significant number of faculty members in the respondent pool. The shared governance culture of faculty members on a US university campus might bias the results more than in a company environment. Caution should be applied when generalizing the results of this case study.
Practical implications: The findings validate past research and should encourage managers to ensure employees are involved with developing and implementing information security measures. Additionally, the information security measures should be applied consistently and in a timely manner. Past research has focused more on the certainty and severity of sanctions and not as much on the celerity or swiftness of applying sanctions. The results of this research indicate there is a need to be timely (swift) in applying sanctions. The importance of information security should be grounded in company culture. Employees should have a strong sense of treating company data as they would want their own data to be treated.
Social implications: Engaging employees in developing and implementing information security measures will reduce employees' violations. Additionally, giving employees the assurance that all are given the same treatment when it comes to applying sanctions will reduce the violations.
Originality/value: Setting and enforcing in a timely manner a solid sanction system will help in preventing information security violations. Moreover, creating a culture that fosters information security will help in positively affecting the employees' perceptions toward privacy and responsibility, which in turn, impacts information security violations. This case study applies some existing theories in the context of the US higher education environment. The results of this case study contributed to the extension of existing theories by including new factors, on one hand, and confirming previous findings, on the other hand.
- Is Part Of:
- Information and computer security. Volume 26:Number 1(2018)
- Journal:
- Information and computer security
- Issue:
- Volume 26:Number 1(2018)
- Issue Display:
- Volume 26, Issue 1 (2018)
- Year:
- 2018
- Volume:
- 26
- Issue:
- 1
- Issue Sort Value:
- 2018-0026-0001-0000
- Page Start:
- 91
- Page End:
- 108
- Publication Date:
- 2018-03-12
- Subjects:
- Information security -- Computer security -- Information security policy -- Information security policy compliance -- Organizational justice theory -- Violations of information security
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-09-2016-0073
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 6064.xml