Volume 29, Issue 1
EFFECTS OF SANCTION ON THE MENTALITY OF INFORMATION SECURITY POLICY COMPLIANCE
Employees’ violation of information security policy (ISP) poses a major threat to the information resources of the employer. This paper constructs an integrated framework based on the theories of rational choice and general deterrence, and applies it to explain the effects of sanction on ISP violation by employees. The model was tested by a scenario-based experiment on 320 employees from two universities and three companies in China. The results show that the certainty, severity and celerity of sanction have positive impacts on ISP compliance; the relationship between sanction severity and ISP compliance is mediated by the cost of noncompliance, and sanction celerity. The research findings have important theoretical and practical implications for ISP compliance.
Information Security Behaviors, Information Security, Behavior Intention.