Internet security risks are becoming the leading security threats confronting today’s organizations and often result from employees’ non-compliance with the Internet use policy. Current studies on the compliance of security policies have largely ignored the impact of moral factors and the organizational context on employees’ compliance intention. This paper contributes to the literature on information security by theorizing and empirically testing how the intent to comply with the Internet use policy is driven by a cost-benefit analysis bounded by personal moral norms and organization contextual factors. The results of this study indicate that employees’ compliance intention of Internet use policy is the result of competing influences of perceived benefits of Internet abuses, formal sanction risks, personal moral norms and organizational facilitating conditions. In addition, the effect of formal sanctions is found to be moderated by, or is dependent upon, personal moral norms against Internet abuses.
Li, Han; Zhang, Jie; and Sarathy, Rathindra, "Understanding the Compliance with the INternet Use Policy from a Criminology Perspective" (2009). AMCIS 2009 Proceedings. 418.