Affiliation:
1. Lebanese American University, Beirut, Lebanon
2. Baylor University and Lund University, Waco, TX, USA
Abstract
An understanding of insider threats in information systems (IS) is important to help address one of the dangers lurking within organizations. This article provides a review of the literature on insider compliance (and failure of compliance) with information systems' policies in order to understand the status of IS research regarding negligent and malicious insiders. We begin by defining the terms, developing a new taxonomy of insiders, and then providing a comprehensive review of articles on IS policy compliance for the past 26 years. Grounding the analysis in the literature, we inductively identify four themes to foster Information Security policy compliance among employees. The themes are: 1) IS management philosophy, 2) procedural countermeasures, 3) technical countermeasures, and 4) environmental countermeasures. We propose that future research can draw upon these themes and use them as the building blocks of an indigenous IS security theory.
Publisher
Association for Computing Machinery (ACM)
Subject
Computer Networks and Communications, Management Information Systems
Cited by
42 articles.