The effects of multilevel sanctions on information security violations: A mediating model

Guo, Ken H.; Yuan, Yufei

doi:10.1016/j.im.2012.08.001

Cited by 86 publications

(48 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The granting of rewards for security compliance may not yet be common practice (Guo & Yuan, 2012). Boss, Kirsch, Angermeier, Shingler, and Boss (2009) argued that rewards may increase how mandatory users perceive compliance with security policies, which in turn may enforce security precaution-taking behaviour.…”

Section: Sanctions For Non-compliance and Rewards For Compliancementioning

confidence: 99%

“…In addition enforcing a sanction and rewardbased approach can have a negative impact on staff cooperation (Guo & Yuan, 2012). …”

Section: Sanctions For Non-compliance and Rewards For Compliancementioning

confidence: 99%

“…• Penalising or rewarding a user can be impractical for organisations due to time constraints and difficulty in the description of a concrete evidence trail (Guo & Yuan, 2012). …”

Section: Sanctions For Non-compliance and Rewards For Compliancementioning

confidence: 99%

See 2 more Smart Citations

Review of Behavioural Theories in Security Compliance and Research Challenge

2017

View full text Add to dashboard Cite

Aim/PurposeInconsistent findings on the effect of various determinants of cyber security behaviour emphasise the need for further understanding of the applicability of compliance theories. The paper provides a critical review of determinants of users' cyber security behaviour and establishes directions for future research. Background Cyber security behaviour has been studied using a range of behavioural theories. Factors from these theories help organisations to develop suitable initiatives to encourage positive compliance from the employees. ContributionThe paper integrates factors that can impact cyber security behaviour from Theory of Planned Behaviour, Protection Motivation Theory, Rational Choice Theory and General Deterrence Theory into an overarching framework for better connection of the theories. Previous studies' findings were analysed to establish research challenges in the field. Future Research Future research should investigate the complex interaction between organizational and personal characteristics so that a security program can be developed that can effectively engage employees with security tasks even in demanding work environment.

show abstract

Section: Sanctions For Non-compliance and Rewards For Compliancementioning

confidence: 99%

“…In addition enforcing a sanction and rewardbased approach can have a negative impact on staff cooperation (Guo & Yuan, 2012). …”

Section: Sanctions For Non-compliance and Rewards For Compliancementioning

confidence: 99%

See 1 more Smart Citation

Review of Behavioural Theories in Security Compliance and Research Challenge

2017

View full text Add to dashboard Cite

show abstract

“…Many of these factors relate to the consequentialism ethical perspective, where factors such as perceived threat vulnerability (employees' perceptions of probability of harm occurring to organizations resulting from IS policy noncompliance behaviors) and perceived threat severity (employees' perceptions of severity of harm to organizations resulting from IS policy noncompliance behaviors if harm has occurred) [2,5,9,[19][20][21][22][23][24][25]. Concurrently, others have studied factors with the deontological focus, such as moral obligation (employees' perceptions of severity of harm to organization resulting from their noncompliance behaviors if harm has occurred) [23,[26][27][28][29][30]. However, regarding the virtue perspective, there was no evidence of any study examining factors relating to this perspective.…”

Section: Critical Review Of Is Literaturementioning

confidence: 99%

Evolvement of Information Security Research on Employees' Behavior: A Systematic Review and Future Direction

Alaskar

Vodanovich

Shen

2015

2015 48th Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

Information Security (IS) is one of the biggest concerns for many organizations. This concern has led many to focus a huge effort into studying different IS areas. One of these critical areas is the human aspect, where investigation of employees' behaviors has emerged as an important topic. In this paper, we conduct a systematic review of all empirical studies published on this topic. The review will highlight the theoretical and methodological development and the dissemination of related empirical studies in academic journals throughout the years. At the end of the review, future research considerations are discussed and shared.

show abstract

“…The five studied factors were based on established behavioural theories including protection motivation theory (Rogers 1975), the theory of planned behaviour (Ajzen 1991) and rational choice theory (Becker 1968). A number of previous studies have provided empirical evidence that the listed factors influenced security compliance , Guo and Yuan 2012, Siponen et al 2014, Ifinedo 2011. However, little research appears to have compared how end-users and security experts/managers perceive the impact of these factors on security compliance.…”

Section: Introductionmentioning

confidence: 99%

Information Security and People: A Conundrum for Compliance

Pham

Dang-Pham

Brennan

et al. 2017

AJIS

View full text Add to dashboard Cite

This evaluation of end-users and IT experts/managers' attitudes towards performing IT security tasks indicates important differences between their perspectives on what is and is not necessary to establish a secure corporate IT environment. Through a series of case studies, this research illustrates that making it easier for end-users to comply does not necessarily equate to enhanced implementation of security measures. End-users want to be autonomous, competent, self-motivated and active participants in the development of secure environments. However, managers and experts want to limit autonomy to ensure that procedures are followed closely, rather than permitting flexibility. This results in the creation of environments that are intrinsically de-motivating rather than motivating end-users to become self-determined and self-regulating co-creators of a secure IT environment. The paper also discusses alternative approaches to developing a human system that works for end-users and experts.

show abstract

The effects of multilevel sanctions on information security violations: A mediating model

Cited by 86 publications

References 12 publications

Review of Behavioural Theories in Security Compliance and Research Challenge

Review of Behavioural Theories in Security Compliance and Research Challenge

Evolvement of Information Security Research on Employees' Behavior: A Systematic Review and Future Direction

Information Security and People: A Conundrum for Compliance

Contact Info

Product

Resources

About