Information is essential for every organization. Organizations have identified people as a significant liability to information security governance. The purpose of this generic qualitative inquiry is to understand the constructs that encourage information security policy (ISP) compliance behavior for end-users in businesses as informed by behavioral decision theory (BDT). The certified information systems security professional (CISSP) is rich in information technology (IT) knowledge and the sample population for this study. This generic qualitative inquiry includes open-ended questions in semi-structured interviews with inductive thematic analysis to accumulate and examine participant response information in a way that identifies causative elements of the phenomena under investigation. This inquiry addresses the need for more qualitative study regarding human behavior within empirical information security governance literature. Evoked empirical data from this inquiry suggests cost-benefit calculations must occur at the top management level, so undesired cost-benefit predictions do not happen at the end-user level. Insider threats perceive cost-benefit calculations differently. Deterrence effectiveness to encourage ISP compliance behavior depends on the deterrent. There is a top-down influence on end-user ISP compliance behavior. Training is paramount to promote ISP compliance behavior. Supervisors and middle-management are instrumental towards ensuring end-users comply with policy but are typically end-users themselves. Recommendations for future research include qualitative and quantitative studies regarding ISP compliance or non-compliance behavior.
|Commitee:||Hiley, Michael, Pandya, Shardul|
|Department:||School of Business, Technology and Health Administration|
|School Location:||United States -- Minnesota|
|Source:||DAI-B 82/7(E), Dissertation Abstracts International|
|Keywords:||Certified information systems security professional, Compliance behavior, Cyber security, Cybersecurity, Information assurance, Information security governance|
Copyright in each Dissertation and Thesis is retained by the author. All Rights Reserved
The supplemental file or files you are about to download were provided to ProQuest by the author as part of a
dissertation or thesis. The supplemental files are provided "AS IS" without warranty. ProQuest is not responsible for the
content, format or impact on the supplemental file(s) on our system. in some cases, the file type may be unknown or
may be a .exe file. We recommend caution as you open such files.
Copyright of the original materials contained in the supplemental file is retained by the author and your access to the
supplemental files is subject to the ProQuest Terms and Conditions of use.
Depending on the size of the file(s) you are downloading, the system may take some time to download them. Please be