•  
  •  
 
MIS Quarterly Executive

Abstract

IT executives are well aware that formal policies are fundamental to combatting insider cybersecurity threats but struggle to achieve adequate levels of policy compliance from employees. This article identifies which practices for promoting compliance are effective and ineffective and provides actionable recommendations for maximizing employee compliance. Following these recommendations will enable organizations to derive more value from their cybersecurity investments and reduce the financial, reputational and legal risks associated with data breaches and network intrusions.

Share

COinS