Advanced

Review of IS security policy compliance : Toward the building blocks of an IS asecurity theory

Balozian, Puzant and Leidner, Dorothy LU (2017) In Data Base for Advances in Information Systems 48(3). p.11-43
Abstract

An understanding of insider threats in information systems (IS) is important to help address one of the dangers lurking within organizations. This article provides a review of the literature on insider compliance (and failure of compliance) with information systems' policies in order to understand the status of IS research regarding negligent and malicious insiders. We begin by defining the terms, developing a new taxonomy of insiders, and then providing a comprehensive review of articles on IS policy compliance for the past 26 years. Grounding the analysis in the literature, we inductively identify four themes to foster Information Security policy compliance among employees. The themes are: 1) IS management philosophy, 2) procedural... (More)

An understanding of insider threats in information systems (IS) is important to help address one of the dangers lurking within organizations. This article provides a review of the literature on insider compliance (and failure of compliance) with information systems' policies in order to understand the status of IS research regarding negligent and malicious insiders. We begin by defining the terms, developing a new taxonomy of insiders, and then providing a comprehensive review of articles on IS policy compliance for the past 26 years. Grounding the analysis in the literature, we inductively identify four themes to foster Information Security policy compliance among employees. The themes are: 1) IS management philosophy, 2) procedural countermeasures, 3) technical countermeasures, and 4) environmental countermeasures. We propose that future research can draw upon these themes and use them as the building blocks of an indigenous IS security theory.

(Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Contribution to journal
publication status
published
subject
keywords
Compliance, Information Systems Security, Information Systems Security Policy, Insider Threat, Noncompliance, Review
in
Data Base for Advances in Information Systems
volume
48
issue
3
pages
33 pages
external identifiers
  • scopus:85027410441
ISSN
0095-0033
language
English
LU publication?
yes
id
a0a19509-db82-4123-b02b-3129bec3572e
date added to LUP
2017-08-29 15:08:04
date last changed
2018-01-07 12:16:26
@article{a0a19509-db82-4123-b02b-3129bec3572e,
  abstract     = {<p>An understanding of insider threats in information systems (IS) is important to help address one of the dangers lurking within organizations. This article provides a review of the literature on insider compliance (and failure of compliance) with information systems' policies in order to understand the status of IS research regarding negligent and malicious insiders. We begin by defining the terms, developing a new taxonomy of insiders, and then providing a comprehensive review of articles on IS policy compliance for the past 26 years. Grounding the analysis in the literature, we inductively identify four themes to foster Information Security policy compliance among employees. The themes are: 1) IS management philosophy, 2) procedural countermeasures, 3) technical countermeasures, and 4) environmental countermeasures. We propose that future research can draw upon these themes and use them as the building blocks of an indigenous IS security theory.</p>},
  author       = {Balozian, Puzant and Leidner, Dorothy},
  issn         = {0095-0033},
  keyword      = {Compliance,Information Systems Security,Information Systems Security Policy,Insider Threat,Noncompliance,Review},
  language     = {eng},
  month        = {08},
  number       = {3},
  pages        = {11--43},
  series       = {Data Base for Advances in Information Systems},
  title        = {Review of IS security policy compliance : Toward the building blocks of an IS asecurity theory},
  volume       = {48},
  year         = {2017},
}