A Study of Employees’ Information Security Policy Violation and Rational Choice Theory: The Case of Ethiopia
No Thumbnail Available
Date
2017-02-01
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Addis Ababa Unversity
Abstract
Nowadays, it becomes clear that information systems security (ISS) is one of the most
important issues that organizations need to focus on. Despite huge investments made by
companies to keep their information systems (IS) safe, there are many ISS breaches that
infiltrate companies’ systems and consequently, these cost their reputation, affect
customers’ confidence, and bring huge financial losses. Ethiopian companies are not
immune to the ISS problem and there are some signs of ISS breaches. The ISS literature
suggests that almost all investments in ISS related issues are for technological solutions.
However, this type of solutions alone does not work well, and according to some
researchers, there is one significant element that has been given very little attention, the
human factor. Most of the ISS breaches are caused by employees who are the legitimate
users of organizations’ IS. So “how can we counter the illegal action of our own
employees?” is the main agenda this research tries to address. Many researchers advocate
the use of deterrence mechanisms to decrease the employees’ noncompliance problem.
Despite these findings, there is a lot of research output that reported the inability of the
deterrent countermeasures alone to protect IS from security breaches. And more
importantly, some researchers point out that different cultures require different ISS
interventions. Interestingly, in the last decade, some researchers have studied how culture
can influence people’s intention towards ISSP (information systems security policy)
compliance. However, most of the current ISS (information systems security) studies
assume that deterrent countermeasures’ effect is uniform across countries and culture. This
situation identifies a gap that needs to be bridged, and this study address the issue by raising
the question “To what extent, if any, national culture moderates the influence of formal
iv
sanctions, perceived benefits, moral beliefs, and shame on employees’ intention to violate
ISSP?” We use survey method to collect data and SPSS Amos to conduct SEM (Structural
Equation Modeling) based data analysis. Finally, we get results that show the moderating
impact of national culture on the influence of formal sanctions, perceived benefits, moral
beliefs, and shame on employees’ intention to violate ISSP.
Description
Keywords
General Deterrence Theory (GDT), Information Systems Security (ISS), Information Systems Security Policy (ISSP), Intention to Violate ISSP, Insiders, National Culture, Rational Choice Theory (RCT).