This study compares the information security policy (ISP) compliance of the banking industry between the United States and South Korea. The distinctive differences of national culture between both nations has led to meaningful findings of ISP compliance at the organizational and individual levels. Drawing on the Cross Value Framework (CVF), this study conducted a survey and distributed questionnaires to the banking employees in the United States and South Korea. Our analysis results reveal that organizational cultures, namely, hierarchical and rational cultures, drive organizational norms in support of ISP compliance in the banking sectors in both nations. While organizational cultures demonstrate no direct effect on individual’s compliance among the banking employees in the United States, organizational cultures consisting of team, rational, and entrepreneurial cultures directly influence individual’s compliance in South Korean banking. Accordingly, this study suggests that common industry characteristics play a role in ISP compliance at the organizational level and that national culture may act as a moderator in ISP compliance at the individual level.
Kam, Hwee-Joo; Katerattanakul, Pairin; and Hong, Soon-Goo, "A Tale of Two Cities: Information Security Policy Compliance of the Banking Industry in the United States and South Korea" (2015). ECIS 2015 Completed Research Papers. Paper 90.