MIS Quarterly Executive


IT executives are well aware that formal policies are fundamental to combatting insider cybersecurity threats but struggle to achieve adequate levels of policy compliance from employees. This article identifies which practices for promoting compliance are effective and ineffective and provides actionable recommendations for maximizing employee compliance. Following these recommendations will enable organizations to derive more value from their cybersecurity investments and reduce the financial, reputational and legal risks associated with data breaches and network intrusions.



When commenting on articles, please be friendly, welcoming, respectful and abide by the AIS eLibrary Discussion Thread Code of Conduct posted here.