In 2014, we launched our open-access repository which offers full text access to conference proceedings from many of our events including the INC and HAISA series. These papers are free to access and distribute (subject to citing the source).
Tenth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2016)
Title: Understanding Information Security Compliance - Why Goal Setting and Rewards Might be a Bad Idea
Author(s): Nina Gerber, Ronja McDermott, Melanie Volkamer, Joachim Vogt
Keywords: Information security, Goal Setting, Error Culture, Theory of Planned Behavior
Abstract: Since organizational information security policies can only improve security if employees comply with them, understanding the factors that affect employee security compliance is crucial for strengthening information security. Based on a survey with 200 German employees, we find that reward for production goal achievement negatively impacts security compliance. Whereas a distinct error aversion culture also seems to impair security compliance, the results provide no evidence for an impact of error management culture, affective commitment towards the organization, security policy information quality or quality of the goal setting process. Furthermore, the intention to comply with security policies turns out to be a bad predictor for actual security compliance. We therefore suggest future studies to measure actual behavior instead of behavioral intention.
Download count: 1781
How to get this paper:
PDF copy of this paper is free to download. You may distribute this copy providing you cite this page as the source.