Information security policy and information security training are vital parts for maximizing information systems security (Dhillon and Backhouse, 2000; Rezgui and Marks, 2008; Siponen, 2001; Straub and Welke, 1998). However, employees not adhering to security policies and not practicing what they learned in training can lead to unintentional mistakes and financial losses for organizations (CSI, 2010). This research investigates Deterrence Theory’s shaming as a technique for encouraging employees to adhere more to information security policies and training. Results indicate that employees find peer shaming punishments more severe than typical corporate punishment methods. Implications are that employers using peer shaming as a punishment technique may see better security policy and training adherence.
Harris, Mark A., "Shaming as a Technique for Information Security Policy and Training Adherence" (2012). SAIS 2012 Proceedings. 16.