Review of IS Security Policy Compliance: Toward the Building Blocks of an IS Security Theory

Review of IS Security Policy Compliance: Toward the Building Blocks of an IS Security Theory

An understanding of insider threats in information systems (IS) is important to help address one of the dangers lurking within organizations. This article provides a review of the literature on insider compliance (and failure of compliance) with information systems' policies in order to underst...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:ACM SIGMIS Database: the DATABASE for Advances in Information Systems 2017-08, Vol.48 (3), p.11-43
Hauptverfasser: Balozian, Puzant, Leidner, Dorothy
Format: Artikel
Sprache:eng
Schlagworte:
Compliance
Cybersecurity
Environmental engineering
Information systems
Literature reviews
Network security
Philosophy
Studies
Taxonomy
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:An understanding of insider threats in information systems (IS) is important to help address one of the dangers lurking within organizations. This article provides a review of the literature on insider compliance (and failure of compliance) with information systems' policies in order to understand the status of IS research regarding negligent and malicious insiders. We begin by defining the terms, developing a new taxonomy of insiders, and then providing a comprehensive review of articles on IS policy compliance for the past 26 years. Grounding the analysis in the literature, we inductively identify four themes to foster Information Security policy compliance among employees. The themes are: 1) IS management philosophy, 2) procedural countermeasures, 3) technical countermeasures, and 4) environmental countermeasures. We propose that future research can draw upon these themes and use them as the building blocks of an indigenous IS security theory.
ISSN:0095-0033
1532-0936
1532-0936
DOI:10.1145/3130515.3130518