English  |  正體中文  |  简体中文  |  Items with full text/Total items : 51258/86283 (59%)
Visitors : 8024841      Online Users : 80
RC Version 7.0 © Powered By DSPACE, MIT. Enhanced by NTU Library & TKU Library IR team.
Scope Tips:
  • please add "double quotation mark" for query phrases to get precise results
  • please goto advance search for comprehansive author search
  • Adv. Search
    HomeLoginUploadHelpAboutAdminister Goto mobile version
    Please use this identifier to cite or link to this item: http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/107222


    Title: Ensuring employees' ISP compliance: A combination of deterrence and regulatory focus approach
    Authors: Shih, Sheng-Pao;Hsu, Jack Shih-Chieh;Huang, Hsin-Yi;Peng, Cheng-Hui
    Date: 2016-04-05
    Issue Date: 2016-08-18 13:34:41 (UTC+8)
    Abstract: Deterrence theory has been widely applied in information security behavioral research. In organizations,
    employees’ information security policy (ISP) compliance is definitely an important information security
    behavior. To explore employees’ ISP compliance, previous information security behavioral studies
    mainly based on the perspective of sanctions from deterrence theory; however, these studies have
    inconsistent results of deterrence effect, which mean that the direct effects of deterrence on employees’
    information security behaviors are not universally applicable in all organization settings [1]. In addition,
    while most ISP compliance studies applied deterrence theory focus on the impacts of deterrence (i.e.
    punishment severity and detection certainty) on ISP compliance behaviors, these studies ignored the fact
    that, different individuals tend to have two fundamental needs: nurturance and security [2], that may
    affect the magnitude of the impact of deterrence on ISP compliance behaviors. Regulatory focus theory
    explains the needs and formulates two different regulatory foci: promotion and prevention. Promotion
    focus is more associated with need for growth and achievement, whereas prevention focus is more
    driven by security needs. In view of aforementioned research gaps, based on the deterrence theory and
    regulatory focus theory, this study tries to understand the effect of different regulatory focus on the
    relationship between deterrence and employees’ ISP compliance intention. We collected data through a
    questionnaire survey from the employees working in high tech industry in Taiwan. The results show that
    detection certainty and punishment severity positively affect ISP compliance intention. The relationship
    between punishment severity and ISP compliance intention is moderated by prevention focus and the
    relationship between detection certainty and ISP compliance intention is moderated by promotion focus.
    This study provides an in-depth understanding of deterrence in ISP compliance context while suggesting
    that regulatory focus plays an important role in affecting employees’ compliance with information
    security policy. Implications for both academic and practice are also highlighted to address the
    moderating effects on the relationship between deterrence and ISP compliance intention
    Relation: Proceedings of Forty-Fifth Annual Conference of the Western Decision Sciences Institute , pp.173-188
    Appears in Collections:[資訊管理學系暨研究所] 會議論文

    Files in This Item:

    There are no files associated with this item.

    All items in 機構典藏 are protected by copyright, with all rights reserved.


    DSpace Software Copyright © 2002-2004  MIT &  Hewlett-Packard  /   Enhanced by   NTU Library & TKU Library IR teams. Copyright ©   - Feedback