A Cross Industry Study: Differences in Information Security Policy Compliance between the Banking Industry and Higher Education

Presenter Information

Hwee-Joo Kam, Ferris State University, Big Rapids, MI, United States.Follow
Pairin Katerattanakul, Western Michigan University, Kalamazoo, MI, United States.Follow
Greg Gogolin, Ferris State University, Big Rapids, MI, United States.Follow

Start Date

12-17-2013

Description

This study adopts Neo-Institutional Theory (NIT) to address the underlying differences in information security policy compliance between the banking industry and higher education. Drawing on NIT, this study examines how regulative, normative, and cognitive expectations effect internal organizational efforts of staying compliant across both industries. Using Partial Least Square (PLS) method, the analysis results suggest that both industries rely on the interrelations between regulative and normative expectations to propel the organizational efforts of attaining compliance. However, the main difference lies within cognitive expectation. In the institution of higher education, cognitive expectation influences regulative expectation that subsequently drives information security policies compliance. On the other hand, cognitive expectation reflects on the regulatory pressure in the banking industry. Given these findings, this study provides suggestions to policy makers for promoting information security policy compliance across industries.

Recommended Citation

Kam, Hwee-Joo; Katerattanakul, Pairin; and Gogolin, Greg, "A Cross Industry Study: Differences in Information Security Policy Compliance between the Banking Industry and Higher Education" (2013). ICIS 2013 Proceedings. 4.
https://aisel.aisnet.org/icis2013/proceedings/SecurityOfIS/4