首页    期刊浏览 2024年11月28日 星期四
登录注册

文章基本信息

  • 标题:Improving Employees' Compliance Through Information Systems Security Training: An Action Research Study
  • 本地全文:下载
  • 作者:Puhakainen, Petri ; Siponen, Mikko
  • 期刊名称:Management Information Systems Quarterly
  • 出版年度:2010
  • 卷号:34
  • 期号:4
  • 页码:757-778
  • 出版社:Association for Information Systems
  • 摘要:Employee noncompliance with information systems security policies is a key concern for organizations. If users do not comply with IS security policies, security solutions lose their efficacy. Of the different IS security policy compliance approaches, training is the most commonly suggested in the literature. Yet, few of the existing studies about training to promote IS policy compliance utilize theory to explain what learning principles affect user compliance with IS security policies, or offer empirical evidence of their practical effectiveness. Consequently, there is a need for IS security training approaches that are theory-based and empirically evaluated. Accordingly, we propose a training program based on two theories: the universal constructive instructional theory and the elaboration likelihood model. We then validate the training program for IS security policy compliance training through an action research project. The action research intervention suggests that the theory-based training achieved positive results and was practical to deploy. Moreover, the intervention suggests that information security training should utilize contents and methods that activate and motivate the learners to systematic cognitive processing of information they receive during the training. In addition, the action research study made clear that a continuous communication process was also required to improve user IS security policy compliance. The findings of this study offer new insights for scholars and practitioners involved in IS security policy compliance.
  • 关键词:IS security; IS security training; employees’ compliance with security policies
国家哲学社会科学文献中心版权所有