Employee Perceptions of Information Security Program Non-Compliance Costs
Information security has received increased attention and become significantly more important to organizational leadership and corporate boards for a wide range of reasons, including the cost of security compromises, a potentially degraded public image, decreased customer trust, and consistent increases in the volume of proprietary information requiring protection. Human factors are increasingly recognized as critical to the protection of vital organizational information. As such, it is important to gain more insight into employees’ attitudes and perceptions toward organizational security programs, a critical component for safeguarding proprietary organizational information against loss or compromise system failures. This paper presents background literature on Deterrence Theory and on the links connecting information security awareness and training with information security program (ISP) compliance behavior. It offers a conceptual model and hypotheses as guidance for assessing employee perceptions of the cost of non-compliance with organizational ISPs.
Brown, Dennis T. and Randolph, Adriane B., "Employee Perceptions of Information Security Program Non-Compliance Costs" (2015). SAIS 2015 Proceedings. 17.