Proposal / Submission Type

Peer Reviewed Paper

Location

Richmond, Virginia

Start Date

11-6-2013 3:10 PM

Abstract

The adoption of computer and internet technology has greatly improved the way businesses operate. However the risk to the confidentiality, integrity and availability of organizational data and systems has greatly increased too. Information security is an ever present concern for all organizations. Financial estimates of the impact of security breaches to information and technology resources range from hundreds of billions to over one trillion dollars each year worldwide (D'Arcy et al., 2011b). Organizations have therefore developed a combination of technical, administrative, and physical controls to reduce this risk (D'Arcy et al., 2011a). Administrative measures include the development of information security policies, which are statements of the roles and responsibilities of the employee to safeguard the information technology resources of their organizations (Bulgurcu et al., 2010). Information security policy provisions include guidelines to employees on what they should do when interacting with information systems so as to secure the data and technology resources of their respective organizations.

 
Jun 11th, 3:10 PM

A Thematic Review of User Compliance with Information Security Policies Literature

Richmond, Virginia

The adoption of computer and internet technology has greatly improved the way businesses operate. However the risk to the confidentiality, integrity and availability of organizational data and systems has greatly increased too. Information security is an ever present concern for all organizations. Financial estimates of the impact of security breaches to information and technology resources range from hundreds of billions to over one trillion dollars each year worldwide (D'Arcy et al., 2011b). Organizations have therefore developed a combination of technical, administrative, and physical controls to reduce this risk (D'Arcy et al., 2011a). Administrative measures include the development of information security policies, which are statements of the roles and responsibilities of the employee to safeguard the information technology resources of their organizations (Bulgurcu et al., 2010). Information security policy provisions include guidelines to employees on what they should do when interacting with information systems so as to secure the data and technology resources of their respective organizations.