Proposal / Submission Type
Peer Reviewed Paper
Location
Richmond, Virginia
Start Date
11-6-2013 3:10 PM
Abstract
The adoption of computer and internet technology has greatly improved the way businesses operate. However the risk to the confidentiality, integrity and availability of organizational data and systems has greatly increased too. Information security is an ever present concern for all organizations. Financial estimates of the impact of security breaches to information and technology resources range from hundreds of billions to over one trillion dollars each year worldwide (D'Arcy et al., 2011b). Organizations have therefore developed a combination of technical, administrative, and physical controls to reduce this risk (D'Arcy et al., 2011a). Administrative measures include the development of information security policies, which are statements of the roles and responsibilities of the employee to safeguard the information technology resources of their organizations (Bulgurcu et al., 2010). Information security policy provisions include guidelines to employees on what they should do when interacting with information systems so as to secure the data and technology resources of their respective organizations.
Scholarly Commons Citation
Sikolia, David, "A Thematic Review of User Compliance with Information Security Policies Literature" (2013). Annual ADFSL Conference on Digital Forensics, Security and Law. 2.
https://commons.erau.edu/adfsl/2013/tuesday/2
Included in
Computer Engineering Commons, Computer Law Commons, Electrical and Computer Engineering Commons, Forensic Science and Technology Commons, Information Security Commons
A Thematic Review of User Compliance with Information Security Policies Literature
Richmond, Virginia
The adoption of computer and internet technology has greatly improved the way businesses operate. However the risk to the confidentiality, integrity and availability of organizational data and systems has greatly increased too. Information security is an ever present concern for all organizations. Financial estimates of the impact of security breaches to information and technology resources range from hundreds of billions to over one trillion dollars each year worldwide (D'Arcy et al., 2011b). Organizations have therefore developed a combination of technical, administrative, and physical controls to reduce this risk (D'Arcy et al., 2011a). Administrative measures include the development of information security policies, which are statements of the roles and responsibilities of the employee to safeguard the information technology resources of their organizations (Bulgurcu et al., 2010). Information security policy provisions include guidelines to employees on what they should do when interacting with information systems so as to secure the data and technology resources of their respective organizations.
