Information Security Policy Compliance

  title={Information Security Policy Compliance},
  author={Yuanxiang Li and E. Hoffman},
One of the most challenging problems modern firms face is that their weakest link in maintaining information security is the behavior of employees: clicking on phishing emails, telling friends and family private information, and searching for private information about themselves (Loch, Carr and Warkentin 1992). A survey conducted by the Computer Security Institute reported that the average monetary loss per incident was $288,618 and that 44% of those who responded to the survey reported insider… Expand
7 Citations

Tables from this paper

Revealing the Cyber Security Non-Compliance "Attribution Gulf"
  • PDF
Organisational culture, procedural countermeasures, and employee security behaviour: A qualitative study
  • 21
  • Highly Influenced
  • PDF
Susceptibility to phishing on social network sites: A personality information processing model
  • 4
  • Highly Influenced


Organizations' Information Security Policy Compliance: Stick or Carrot Approach?
  • 194
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness
  • 652
  • Highly Influential
  • PDF
Protection motivation and deterrence: a framework for security policy compliance in organisations
  • 888
  • Highly Influential
  • PDF
If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security
  • 320
  • PDF
Don't make excuses! Discouraging neutralization to reduce IT policy violation
  • 110
Effective IS Security: An Empirical Study
  • D. Straub
  • Business, Computer Science
  • Inf. Syst. Res.
  • 1990
  • 714
Human factors in information security: The insider threat - Who can you trust these days?
  • C. Colwill
  • Computer Science
  • Inf. Secur. Tech. Rep.
  • 2009
  • 266
  • Highly Influential
  • PDF