nach oben

Soft Computing

Erschienen in:

03.07.2018 | Focus

Social control through deterrence on the compliance with information security policy

verfasst von: Myeonggil Choi, Jeongseok Song

Erschienen in: Soft Computing | Ausgabe 20/2018

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Information system security (ISS) has become an extremely significant issue in organizations to protect information as an organizational asset. The purpose of this study is to investigate what factors affect individuals’ perception of sanction threats. This study uses social control theory to understand the effects of deterrence on public corporation employees’ ISS compliance and elucidate employees’ motivations of ISS violation and different perceptions of sanction threats. The effects and their significance in the model were tested. The results of this study help information security institutions to consider deterrence and self-punishment and to manage compliance with information security policy effectively and securely.

Vorheriger Artikel Energy conscious multi-site computation offloading for mobile cloud computing

Nächster Artikel Motion quaternion-based motion estimation method of MYO using K-means algorithm and Bayesian probability

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Bachman R, Paternoster R, Ward S (1992) The rationality of sexual offending: testing a deterrence/rational choice conception of sexual assault. Law Soc Rev 26(2):343–372CrossRef

Beccaria C (1963) On crimes and punishments. Macmillan, New York

Becker GS (1968) Crime and punishment: an economic approach. The economic dimensions of crime. Palgrave Macmillan, Basingstoke, pp 13–68CrossRef

Boss S, Kirsch L (2007) The last line of defense: motivating employees to follow corporate security guidelines. In: ICIS 2007 proceedings 103

Brown S, Massey A, Montoya-Weiss M, Burkman J (2002) Do I really have to?. User acceptance of mandated technology. Eur J Inf Syst 11:283–295CrossRef

Bulgurcu B, Cavusoglu H, Benbasat I (2010) Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q 34(3):523–548CrossRef

Caldwell T (2012) Training–the weakest link. Comput Fraud Secur 2012(9):8–14CrossRef

Cavusoglu H, Raghunathan S (2009) Configuration of and interaction between information security technologies: the case of firewalls and intrusion detection systems. Inf Syst Res 20(2):198–217CrossRef

Chin WW (1998) The partial least squares approach to structural equation modeling. Mod Methods Bus Res 295(2):295–336

Chin WW, Newsted PR (1999) Structural equation modeling analysis with small samples using partial least squares. Stat Strateg Small Sample Res 2:307–342

Choi MG (2016) Leadership of information security manager on the effectiveness of information systems security for secure sustainable computing. Sustain 8:1–21

Choi MG, Lee CH (2015) Information security management as a bridge in cloud systems from private to public organizations. Sustain 7:12032–12051CrossRef

Cochran JK, Chamlin MB, Wood PB, Sellers CS (1999) Shame, embarrassment, and formal sanction threats: extending the deterrence/rational choice model to academic dishonesty. Sociol Inq 69(1):91–105CrossRef

Cornish D, Clarke R (1986) Situational prevention, displacement of crime and rational choice theory. In: Heal K, Laycock GK (eds) Situational crime prevention: from theory into practice. HMSO, London

D’Arcy J, Hovav A (2009) Does one size fit all? Examining the differential effects of IS security countermeasures. J Bus Ethics 89(1):59–71CrossRef

D’Arcy J, Herath T (2011) A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findings. Eur J Inf Syst 20(6):643–658CrossRef

D’Arcy J, Hovav A, Galletta D (2009) User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach. Inf Syst Res 20(1):79–98CrossRef

Dhillon G, Backhouse J (2000) Technical opinion: information system security management in the new millennium. Commun ACM 43(7):125–128CrossRef

Feng N, Wang HJ, Li M (2014) A security risk analysis model for information systems: causal relationships of risk factors and vulnerability propagation analysis. Inf Sci 256:57–73CrossRef

Galletta DF, Hufnagel EM (1992) A model of end-user computing policy: context, process, content and compliance. Inf Manag 22(1):1–18CrossRef

Gefen D, Straub D (2005) A practical guide to factorial validity using pls-graph: tutorial and annotated example. Commun Assoc Inf Syst 16:91–109

Herath T, Rao HR (2009a) Protection motivation and deterrence: a framework for security policy compliance in organisations. Eur J Inf Syst 18(2):106–125CrossRef

Herath T, Rao HR (2009b) Encouraging information security behaviors in organizations: role of penalties, pressures and perceived effectiveness. Decis Support Syst 47(2):154–165CrossRef

Higgins GE, Wilson AL, Fell BD (2005) An application of deterrence theory to software piracy. J Crim Justice Popul Cult 12(3):166–184

Hirschi T (1969) Causes of delinquency. University of California Press, Berkeley

Hsu JS, Shih SP, Lowry PB (2015) The role of extra-role behaviors and social controls in information security policy effectiveness. Inf Syst Res 26(2):282–300CrossRef

Hu Q, Xu Z, Dinev T, Ling H (2011) Does deterrence work in reducing information security policy abuse by employees? Commun ACM 54(6):54–60CrossRef

Hwang S, Akers RL (2003) Substance use by Korean adolescents: a crosscultural test of social learning, social bonding, and self-control theories. Soc Learn Theory Explain Crime 11:39–63

Ifinedo P (2014) Information systems security policy compliance: an empirical study of the effects of socialisation, influence, and cognition. Inf Manag 51(1):69–79CrossRef

Jacoby J, Chestnut RW (1978) Brand loyalty: measurement and management. Wiley, New York

Jingle IDJ, Rajsingh EB (2014) ColShield: an effective and collaborative protection shield for the detection and prevention of collaborative flooding of DDoS attacks in wireless mesh networks. Hum Centric Comput Inf Sci 4(1):1CrossRef

Kalleberg AL (1977) Work values and job rewards: a theory of job satisfaction. Am Sociol Rev 42(1):124–143CrossRef

Katz J (1988) Seductions of crime: moral and sensual attractions of doing evil. Basic Books, New York

Kim S, Lee H, Kwon H, Lee S (2015) Evaluation model of defense information systems use. J Converg 6(1):18–26

Krohn MD, Massey JL (1980) Social control and delinquent behavior: an examination of the elements of the social bond. Sociol Q 21(4):529–543CrossRef

Lee SM, Lee SG, Yoo S (2004) An integrative model of computer abuse based on social control and general deterrence theories. Inf Manag 41(6):707–718CrossRef

Loughran TA, Pogarsky G, Piquero AR, Paternoster R (2012) Re-examining the functional form of the certainty effect in deterrence theory. Justice Q 29(5):712–741CrossRef

Mitnick KD, Simon WL (2011) The art of deception: controlling the human element of security. Wiley, New York

Nye FI (1958) Family relationships and delinquent behavior. Wiley, New York

O’Reillys CA, Puffer SM (1989) The impact of rewards and punishments in a social context: a laboratory and field experiment. J Occup Psychol 62(1):41–53CrossRef

Özbay Ö, Özcan YZ (2006) A test of Hirschi’s social bonding theory juvenile delinquency in the high schools of Ankara, Turkey. Int J Offender Ther Comp Criminol 50(6):711–726CrossRef

Paternoster R, Simpson S (1996) Sanction threats and appeals to morality: testing a rational choice model of corporate crime. Law Soc Rev 30(3):549–583CrossRef

Pavlou PA, Fygenson M (2006) Understanding and predicting electronic commerce adoption: an extension of the theory of planned behavior. MIS Q 30(1):115–143CrossRef

Piquero A, Tibbetts S (1996) Specifying the direct and indirect effects of low self-control and situational factors in offenders’ decision making: toward a more complete model of rational offending. Justice Q 13(3):481–510CrossRef

Puhakainen P, Siponen M (2010) Improving employees’ compliance through information systems security training: an action research study. Mis Q 34(4):757–778CrossRef

Safa NS, Soloms R, Furnell S (2016) Information security policy compliance model in organization. Comput Secur 56:70–82CrossRef

Sampson RJ, Laub JH (1990) Crime and deviance over the life course: the salience of adult social bonds. Am Sociol Rev 55(5):609–627CrossRef

Siponen MT (1999) Four approaches to construction of information security guidelines. In: Seminar in Scandinavia (IRIS 22), enterprise architectures for virtual organisations, Keuruu, Finland, pp 157

Siponen MT (2000) A conceptual foundation for organizational information security awareness. Inf Manag Comput Secur 8(1):31–41CrossRef

Siponen M, Vance A (2010) Neutralization: new insights into the problem of employee information systems security policy violations. MIS Q 34(3):487–502CrossRef

Siponen M, Vance A, Willison R (2012) New insights into the problem of software piracy: the effects of neutralization, shame, and moral beliefs. Inf Manag 49(7):334–341CrossRef

Siponen M, Mahmood MA, Pahnila S (2014) Employees’ adherence to information security policies: an exploratory field study. Inf Manag 51(2):217–224CrossRef

Son JY (2011) Out of fear or desire? Toward a better understanding of employees’ motivation to follow IS security policies. Inf Manag 48(7):296–302CrossRef

Song Y, Pang Y (2014) How to manage cloud risks based on the BMIS model. J Inf Process Syst 10(1):132–144CrossRef

Stanton JM, Stam KR, Mastrangelo P, Jolton J (2005) Analysis of end user security behaviors. Comput Secur 24(2):124–133CrossRef

Straub DW Jr (1990) Effective IS security: an empirical study. Inf Syst Res 1(3):255–276CrossRef

Straub DW Jr, Nance WD (1990) Discovering and disciplining computer abuse in organizations: a field study. Mis Q 14(1):45–60CrossRef

Susanto H, Almunawar MN, Tuan YC (2011) Information security management system standards: a comparative study of the big five. Int J Electr Comput Sci 11(5):23–29

Thatcher JB, Perrewe PL (2002) An empirical examination of individual traits as antecedents to computer anxiety and computer self-efficacy. MIS Q 26(4):381–396CrossRef

Warkentin M, Willison R (2009) Behavioral and policy issues in information systems security: the insider threat. Eur J Inf Syst 18(2):101CrossRef

Wells LE, Rankin JH (1988) Direct parental controls and delinquency. Criminology 26:263CrossRef

Whitman ME, Townsend AM, Alberts RJ (2001) Information systems security and the need for policy. In: Khosrowpour M (ed) Information security management: global challenges in the new millennium. Idea Group Publishing, Hershey, PA, pp 9–18CrossRef

Wiatrowski M, Anderson KL (1987) The dimensionality of the social bond. J Quant Criminol 3(1):65–81CrossRef

Williams KR, Hawkins R (1986) Perceptual research on general deterrence: a critical review. Law Soc Rev 20(4):545–572CrossRef

Willison R, Warkentin M (2013) Beyond deterrence: an expanded view of employee computer abuse. MIS Q 37(1):1–20CrossRef

Zimring FE, Hawkins G, Vorenberg J (1973) Deterrence: the legal threat in crime control. University of Chicago Press, Chicago, pp 18–23

Titel: Social control through deterrence on the compliance with information security policy
verfasst von: Myeonggil Choi
Jeongseok Song
Publikationsdatum: 03.07.2018
Verlag: Springer Berlin Heidelberg
Erschienen in: Soft Computing / Ausgabe 20/2018
Print ISSN: 1432-7643
Elektronische ISSN: 1433-7479
DOI: https://doi.org/10.1007/s00500-018-3354-z

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Weitere Artikel der Ausgabe 20/2018

Feature selection for entity extraction from multiple biomedical corpora: A PSO-based approach

A hierarchical soft computing model for parameter estimation of curve fitting problems

MTD-Spamguard: a moving target defense-based spammer detection system in social network

Optimizing tasks generation for children in the early stages of literacy teaching: a study using bio-inspired metaheuristics

Building neural network language model with POS-based negative sampling and stochastic conjugate gradient descent

Non-white matter tissue extraction and deep convolutional neural network for Alzheimer’s disease detection