NotesFAQContact Us
Search Tips
ERIC Number: ED562986
Record Type: Non-Journal
Publication Date: 2013
Pages: 115
Abstractor: As Provided
Reference Count: N/A
ISBN: 978-1-3034-8025-6
Toward a Theory of Employee Compliance with Information Security Policies: A Grounded Theory Methodology
Sikolia, David Wafula
ProQuest LLC, Ph.D. Dissertation, Oklahoma State University
User non-compliance with information security policies in organizations due to negligence or ignorance is reported as a key data security problem for organizations. The violation of the confidentiality, integrity and availability of organizational data has led to losses in millions of dollars for organizations in terms of money and time spent correcting the problem. Research on employee violation of information security policies has focused on non-compliance due to poor training, low employee motivation, weak effective commitment, or individual oversight. Theoretical foundations applied to this phenomenon include deterrence, reasoned action, planned behavior, protection motivation, self-efficacy, individual adoption factors, organizational commitment and other individual cognitive factors. However, the findings from some of the studies are contradictory. Furthermore, no parsimonious theory explains nor predicts employee compliance with information security policies. This study addresses this problem by building a theoretical model grounded in data using grounded theory methodology. Seed concepts from High Performance Work Systems (HPWS) were used to develop the initial questions for the structured interviews. Four rounds of interviews over a period of one year were carried out as well as iterative data analysis. Data analysis consisted of open coding, selective coding and theoretical coding. The findings indicate organizations need to create a supportive organizational culture, conduct appropriate training, clearly communicate deterrence measures and design job tasks aligned with the information security policies. These measures will impact individual employee's engagement, knowledge, perception of the ramifications and self-efficacy. Information technology plays a moderating role between organization practices and the individual cognitive factors. These cognitive factors will in turn have an effect on the individual employees' compliance with the information security policies. [The dissertation citations contained here are published with the permission of ProQuest LLC. Further reproduction is prohibited without permission. Copies of dissertations may be obtained by Telephone (800) 1-800-521-0600. Web page:]
ProQuest LLC. 789 East Eisenhower Parkway, P.O. Box 1346, Ann Arbor, MI 48106. Tel: 800-521-0600; Web site:
Publication Type: Dissertations/Theses - Doctoral Dissertations
Education Level: N/A
Audience: N/A
Language: English
Sponsor: N/A
Authoring Institution: N/A