Location
Hilton Waikoloa Village, Hawaii
Event Website
http://www.hicss.hawaii.edu
Start Date
1-4-2017
End Date
1-7-2017
Description
A rich stream of research has identified numerous antecedents to employee compliance with information security policies. However, the breadth of this literature and inconsistencies in the reported findings warrants a more in-depth analysis. Drawing on 25 quantitative studies focusing on security policy compliance, we classified 105 independent variables into 17 distinct categories. We conducted a meta-analysis for each category’s relationship with security policy compliance and then analyzed the results for possible moderators. Our results revealed a number of illuminating insights, including (1) the importance of categories associated with employees’ personal attitudes, norms and beliefs, (2) the relative weakness of the link between compliance and rewards/punishment, and (3) the enhanced compliance associated with general security policies rather than specific policies (e.g., anti-virus). These findings can be used as a reference point from which future scholarship in this area can be guided.
Seeing the forest and the trees: A meta-analysis of information security policy compliance literature
Hilton Waikoloa Village, Hawaii
A rich stream of research has identified numerous antecedents to employee compliance with information security policies. However, the breadth of this literature and inconsistencies in the reported findings warrants a more in-depth analysis. Drawing on 25 quantitative studies focusing on security policy compliance, we classified 105 independent variables into 17 distinct categories. We conducted a meta-analysis for each category’s relationship with security policy compliance and then analyzed the results for possible moderators. Our results revealed a number of illuminating insights, including (1) the importance of categories associated with employees’ personal attitudes, norms and beliefs, (2) the relative weakness of the link between compliance and rewards/punishment, and (3) the enhanced compliance associated with general security policies rather than specific policies (e.g., anti-virus). These findings can be used as a reference point from which future scholarship in this area can be guided.
https://aisel.aisnet.org/hicss-50/in/behavioral_is_security/7