Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

Deterrence and punishment experience impacts on ISP compliance attitudes

Deterrence and punishment experience impacts on ISP compliance attitudes PurposeThe paper aims to examine the inconclusive impacts of sanction-related deterrence on employee information security policy (ISP) compliance from the extant literature. It proposes that the disparate findings can be partially explained by two factors: investigating the mediating impact of attitudes on sanction effects instead of directly on behavioral intentions and examining employees with and without previous punishment experiences separately.Design/methodology/approachThe paper relied upon survey data from 239 employees of a large governmental organization with a robust ISP and security education and training awareness program.FindingsThe paper provides empirical evidence that the rational estimation of sanction effects impacts the cognitive component of attitudes to develop a positive or negative attitude toward performing the ISP directed behavior. Furthermore, this attitudinal effect (created by sanction threats) will be biased depending on whether the employee has experienced, personally or vicariously, any previous punishment for violating the ISP.Research limitations/implicationsBecause of the chosen research approach (self-reported survey data) and context (single hierarchical organization and a very specific security threat), the research results may lack generalizability. Therefore, researchers are encouraged to test the proposed propositions further in different organizational and threat contexts.Practical implicationsOrganizations should have a thorough understanding of how their employees’ perceive sanctions in relationship to their prior experiences before implementing such policies.Originality/valueThe paper addresses previous research calls for examining possible mediation variables for deterrence effects and impacts of punishment experiences on employee ISP compliance. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png Information & Computer Security Emerald Publishing

Deterrence and punishment experience impacts on ISP compliance attitudes

Loading next page...
 
/lp/emerald-publishing/deterrence-and-punishment-experience-impacts-on-isp-compliance-9Y0EXiQdm1
Publisher
Emerald Publishing
Copyright
Copyright © Emerald Group Publishing Limited
ISSN
2056-4961
DOI
10.1108/ICS-11-2016-0089
Publisher site
See Article on Publisher Site

Abstract

PurposeThe paper aims to examine the inconclusive impacts of sanction-related deterrence on employee information security policy (ISP) compliance from the extant literature. It proposes that the disparate findings can be partially explained by two factors: investigating the mediating impact of attitudes on sanction effects instead of directly on behavioral intentions and examining employees with and without previous punishment experiences separately.Design/methodology/approachThe paper relied upon survey data from 239 employees of a large governmental organization with a robust ISP and security education and training awareness program.FindingsThe paper provides empirical evidence that the rational estimation of sanction effects impacts the cognitive component of attitudes to develop a positive or negative attitude toward performing the ISP directed behavior. Furthermore, this attitudinal effect (created by sanction threats) will be biased depending on whether the employee has experienced, personally or vicariously, any previous punishment for violating the ISP.Research limitations/implicationsBecause of the chosen research approach (self-reported survey data) and context (single hierarchical organization and a very specific security threat), the research results may lack generalizability. Therefore, researchers are encouraged to test the proposed propositions further in different organizational and threat contexts.Practical implicationsOrganizations should have a thorough understanding of how their employees’ perceive sanctions in relationship to their prior experiences before implementing such policies.Originality/valueThe paper addresses previous research calls for examining possible mediation variables for deterrence effects and impacts of punishment experiences on employee ISP compliance.

Journal

Information & Computer SecurityEmerald Publishing

Published: Oct 9, 2017

There are no references for this article.