Employee Information Security Compliance Survey Questionnaire

2018 ◽  
Author(s):  
Inho Hwang ◽  
Oona Cha
Keyword(s):  
Information Security ◽  
Survey Questionnaire ◽  
Employee Information ◽  
Security Compliance

The Market Value and Reputational Effects from Lost Confidential Information

2015 ◽  
Vol 5 (4) ◽  
Author(s):  
Joseph K. Tanimura ◽  
Eric W. Wehrly
Keyword(s):  
Information Security ◽  
Market Value ◽  
Direct Costs ◽  
Publicly Traded ◽  
Confidential Information ◽  
Publicly Traded Companies ◽  
Security Breaches ◽  
Customer Information ◽  
Employee Information

According to many business publications, firms that experience information security breaches suffer substantial reputational penalties. This paper examines incidents in which confidential information, for a firms customers or employees, is stolen from or lost by publicly traded companies. Firms that experience such breaches suffer statistically significant losses in the market value of their equity. On the whole, the data indicate that these losses are of similar magnitudes to the direct costs. Thus, direct costs, and not reputational penalties, are the primary deterrents to information security breaches. Contrary to many published assertions, on average, firms that lose customer information do not suffer reputational penalties. However, when firms lose employee information, we find significant reputational penalties.

Exploring the Impact of Security Policy on Compliance

2018 ◽  
pp. 256-274 ◽  
Author(s):  
Winfred Yaokumah ◽  
Peace Kumah
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Structural Equation ◽  
Partial Least Square ◽  
Least Square ◽  
Security Monitoring ◽  
Roles And Responsibilities ◽  
Security Compliance ◽  
Security Operations ◽  
The Impact

Extant studies on compliance with security policies have largely ignored the impact of monitoring, security operations, and roles and responsibilities on employees' compliance. This chapter proposes a theoretical model that integrates security policy, monitoring, security operations, and security roles to examine employees' security compliance. Data were collected from 233 IT security and management professionals. Using partial least square structural equation modelling and testing hypotheses, the study finds that information security policy has significant indirect influence on information security compliance. The effect of security policy is fully mediated by security roles, operations security activities, and security monitoring activities. Security policy strongly influences operations security activities and has the greatest effect on security roles and responsibilities. Among the three mediating variables, monitoring has the most significant influence on security compliance. Conversely, the direct impact of security policy on compliance is not significant.

Towards a Student Security Compliance Model (SSCM)

2020 ◽  
pp. 204-216
Author(s):  
Felix Nti Koranteng
Keyword(s):  
Developing Countries ◽  
Information Security ◽  
Predictive Factors ◽  
Security Policy ◽  
Educational Institutions ◽  
Qualitative And Quantitative ◽  
Weakest Link ◽  
Compliance Model ◽  
Security Compliance ◽  
Behavioural Theories

Users are considered the weakest link in ensuring information security (InfoSec). As a result, users' security behaviour remains crucial in many organizations. In response, InfoSec research has produced many behavioural theories targeted at explaining information security policy (ISP) compliance. Meanwhile, these theories mostly draw samples from employees often in developing countries. Such theories are not applicable to students in educational institutions since their psychological orientation with regards to InfoSec is different when compared with employees. Based on this premise, the chapter presents arguments founded on synthesis from existing literature. It proposes a students' security compliance model (SSCM) that attempts to explain predictive factors of students' ISP compliance intentions. The study encourages further research to confirm the proposed relationships using qualitative and quantitative techniques.

scholarly journals Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective

2020 ◽  
Vol 12 (8) ◽  
pp. 3163
Author(s):  
Amanda M. Y. Chu ◽  
Mike K. P. So
Keyword(s):  
Information Systems ◽  
Information Security ◽  
Security Management ◽  
Information Security Management ◽  
Information Security Behavior ◽  
Security Behavior ◽  
Different Types ◽  
Employee Information ◽  
Willingness To Report ◽  
Security Incidents

This article examines the occurrences of four types of unethical employee information security behavior—misbehavior in networks/applications, dangerous Web use, omissive security behavior, and poor access control—and their relationships with employees’ information security management efforts to maintain sustainable information systems in the workplace. In terms of theoretical contributions, this article identifies and develops reliable and valid instruments to measure different types of unethical employee information security behavior. In addition, it investigates factors affecting different types of such behavior and how such behavior can be used to predict employees’ willingness to report information security incidents. In terms of managerial contributions, the article suggests that information security awareness programs and perceived punishment have differential effects on the four types of unethical behavior and that certain types of unethical information security behavior exert negative effects on employees’ willingness to report information security incidents. The findings will help managers to derive better security rules and policies, which are important for business continuity.

Information Security Compliance Behaviour of Supply Chain Stakeholders

2016 ◽  
Vol 9 (1) ◽  
pp. 1-16 ◽  
Author(s):  
Ibrahim Shafiu ◽  
William Yu Chung Wang ◽  
Harminder Singh
Keyword(s):  
Supply Chain ◽  
Information Security ◽  
Qualitative Approach ◽  
Structured Interviews ◽  
Literature Information ◽  
Supply Chain Security ◽  
Management Literature ◽  
Security Compliance ◽  
Organizational Perceptions ◽  
Compliance Behaviour

Supply chain security is an emerging topic in the supply chain management literature. Information security is a key component of supply chain security, and this study aims to identify the factors that influence the compliance behaviour with respect to information security. A related objective is to understand the extent to which compliance was substantive or symbolic. Adopting a qualitative approach, the authors conducted semi-structured interviews with stakeholders based in New Zealand who are involved in international supply chains. The interviews find that compliance behaviour is affected by the influence of other organizations, organizational perceptions of compliance, and the rules and norms of exchange in different contexts. The results also indicate that compliance behaviour is more symbolic than substantive in the supply chain environment.

Sign in / Sign up

Export Citation Format

Share Document