Theses and Dissertations - UTB/UTPA
Creating an information systems security culture through an integrated model of employees compliance
Date of Award
5-2014
Document Type
Dissertation
Degree Name
Doctor of Philosophy (PhD)
Department
Computer Information Systems
First Advisor
Dr. Punit Ahluwalia
Second Advisor
Dr. Francis Kofi Andoh-Baidoo
Third Advisor
Dr. Jun Sun
Abstract
Employees’ non-compliance with information systems security policies has been identified as a major threat to organizational data and information systems. This dissertation investigates the process underlying information systems security compliance in organizations, with a focus on employees. The process model is complex, comprising many normative, attitudinal, psychological, environmental, and organizational factors. Therefore, the study of information security compliance requires a holistic assessment of all these factors. This dissertation seeks to achieve this objective by offering a comprehensive and integrated model of employee behavior, especially focused on information security compliance. The research framework is influenced by the Reciprocal Determinism Theory, which explains individuals’ psycho-social functioning in terms of triadic reciprocal causation. Several theories explain the role of various factors forming the intellectual puzzle. These are: General Deterrence Theory, Social-Exchange Theory, Social Learning Theory, Expectation-Disconfirmation Theory, Rational Choice Theory, Cognitive Dissonance Theory, Reactance Theory, and Status-Quo Bias Theory. This dissertation makes several significant contributions to the literature and to practitioners. Several new factors that influence compliance decisions by employees have been proposed, namely task dissonance, self-policing, word-of-mouth, and habit. For the first time, top management support has been examined as a multi-dimensional construct, which provides a better understanding of the phenomenon. Also for the first time, this dissertation constructs a process model to examine the interactions between punishment severity and certainty and top management support and normative factors. It also investigates the interactions between normative and psychological factors, namely resistance and self-policing, on information security compliance.
This dissertation emphasizes that practitioners should consider all the relevant factors in order to manage the information security compliance problem. Therefore, it is more useful to think in terms of establishing a security culture that embodies all the relevant factors prevalent in an organization. The dissertation is guided by the positivist paradigm. Hypotheses are tested and validated using established quantitative approaches, namely data collection using a survey and structural equation modeling. Major findings were derived and most of the dissertation’s hypotheses were supported. The findings are discussed, and the conclusions, significant theoretical and practical implications of the findings, limitations, and recommendations for future research are presented.
Granting Institution
University of Texas-Pan American
Comments
Copyright 2014 Mohammad I. Merhi. All Rights Reserved.
https://www.proquest.com/dissertations-theses/creating-information-systems-security-culture/docview/1557707943/se-2