User compliance with the organisation's information security policy: a deterrence theory study
Date
2016
Authors
Fachin, Dario
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
In today’s age of increasing cyber-attacks, with even national governments
interests forming cyber warfare departments to defend their countries, there is no
company globally which cannot be prepared for their critical infrastructure or
information to be stolen, destroyed, manipulated or be made unavailable from
various cyber-attacks. In most organisations, the user of the Information Systems
is vital to ensuring that systems are protected by adhering to the Information
Security Policy. Failure to comply with the Information Security Policy by end
users exposes the company to the risk of the loss of sensitive information which
could have major reputational, legal and financial impacts.
The study followed a positivist research philosophy using a hypothetical model to
test various hypotheses. Through the lens of deterrence theory, using a survey
method to gather the information, the hypotheses are tested and analysed to
further understand user compliance with an organisation’s Information Security
Policy.
The findings reveal that some elements of the deterrence theory are strong
predictors to ensuring user compliance within a large global mining firm. The
certainty of being caught for end users and the celerity of not adhering to the
Information Security policy are strong predictors to ensure user compliance. The
awareness of severity for not complying with the Information Security Policy or the
awareness of being monitored is reflected to not be strong predictors to ensure
user compliance. The research is intended to further assist both academics and
practitioners to further their understanding of user compliance to the Information
Security Policy.
Description
MCom Information Systems
Research report
2015
Keywords
Citation
Fachin, Dario (2016) User compliance with the organisation's information security policy: a deterrence theory study, University of the Witwatersrand, Johannesburg <http://wiredspace.wits.ac.za/handle/10539/21795>