User compliance with the organisation's information security policy: a deterrence theory study
In today’s age of increasing cyber-attacks, with even national governments forming cyber warfare departments to defend their countries, no company globally can afford to be unprepared for its critical infrastructure or information being stolen, destroyed, manipulated or made unavailable by various cyber-attacks. In most organisations, the users of the Information Systems are vital to ensuring that systems are protected, by adhering to the Information Security Policy. Failure by end users to comply with the Information Security Policy exposes the company to the risk of losing sensitive information, which could have major reputational, legal and financial impacts. The study followed a positivist research philosophy using a hypothetical model to test various hypotheses. Through the lens of deterrence theory, using a survey method to gather the information, the hypotheses are tested and analysed to further understand user compliance with an organisation’s Information Security Policy. The findings reveal that some elements of deterrence theory are strong predictors of user compliance within a large global mining firm. For end users, the certainty of being caught and the celerity associated with not adhering to the Information Security Policy are strong predictors of user compliance. Neither the awareness of severity for not complying with the Information Security Policy nor the awareness of being monitored is shown to be a strong predictor of user compliance. The research is intended to assist both academics and practitioners in furthering their understanding of user compliance with the Information Security Policy.
MCom Information Systems Research report 2015
Fachin, Dario (2016) User compliance with the organisation's information security policy: a deterrence theory study, University of the Witwatersrand, Johannesburg <http://wiredspace.wits.ac.za/handle/10539/21795>