The antecedents of information security policy compliance

Bulgurcu, Burcu

11 1900

Information security is one of the major challenges for organizations that critically depend on information systems to conduct their businesses. Ensuring safety of information and technology resources has become the top priority for many organizations since the consequences of failure can be devastating. Many organizations recognize that their employees, who are often considered as the weakest link in information security, can be a great resource as well to fight against information security-related risks. The key, however, is to ensure that employees comply with information security related rules and regulations of the organization. Therefore, understanding of compliance behavior of an employee is crucial for organizations to effectively leverage their human capital to strengthen their information security. This research aims at identifying antecedences of an employee’s compliance with the information security policy (ISP) of his/her organization. Specifically, we address how employees without any malicious intent choose to comply with requirements of the ISP with regards to protecting the information and technology resources of their organizations. Drawing on the Theory of Planned Behavior, we show an employee’s attitude towards compliance results in his/her intention to comply with the ISP. Of those, Benefit of Compliance and Cost of Non-Compliance are shown to be shaped by positive and negative reinforcing factors; such as, Intrinsic Benefit, Safety of Resources, Rewards and Intrinsic Cost, Vulnerability of Resources, and Sanctions, respectively. We also investigate the role of information security awareness on an employee’s ISP compliance behavior. As expected, we show that information security awareness positively influences attitude towards compliance. We also show that information security awareness positively influences the perception of reinforcing factors and negatively increases perception of the Cost of Compliance. As organizations strive to get their employees to follow their information security rules and regulations, our study sheds light on the role of an employee’s information security awareness and his/her beliefs about the rationality of compliance and non-compliance with the ISP.

Information security awareness

Information security management

Information security behavioral Issues

The antecedents of information security policy compliance

Bulgurcu, Burcu

11 1900

Information security is one of the major challenges for organizations that critically depend on information systems to conduct their businesses. Ensuring safety of information and technology resources has become the top priority for many organizations since the consequences of failure can be devastating. Many organizations recognize that their employees, who are often considered as the weakest link in information security, can be a great resource as well to fight against information security-related risks. The key, however, is to ensure that employees comply with information security related rules and regulations of the organization. Therefore, understanding of compliance behavior of an employee is crucial for organizations to effectively leverage their human capital to strengthen their information security. This research aims at identifying antecedences of an employee’s compliance with the information security policy (ISP) of his/her organization. Specifically, we address how employees without any malicious intent choose to comply with requirements of the ISP with regards to protecting the information and technology resources of their organizations. Drawing on the Theory of Planned Behavior, we show an employee’s attitude towards compliance results in his/her intention to comply with the ISP. Of those, Benefit of Compliance and Cost of Non-Compliance are shown to be shaped by positive and negative reinforcing factors; such as, Intrinsic Benefit, Safety of Resources, Rewards and Intrinsic Cost, Vulnerability of Resources, and Sanctions, respectively. We also investigate the role of information security awareness on an employee’s ISP compliance behavior. As expected, we show that information security awareness positively influences attitude towards compliance. We also show that information security awareness positively influences the perception of reinforcing factors and negatively increases perception of the Cost of Compliance. As organizations strive to get their employees to follow their information security rules and regulations, our study sheds light on the role of an employee’s information security awareness and his/her beliefs about the rationality of compliance and non-compliance with the ISP.

Information security awareness

Information security management

Information security behavioral Issues

The antecedents of information security policy compliance

Bulgurcu, Burcu

11 1900

Information security is one of the major challenges for organizations that critically depend on information systems to conduct their businesses. Ensuring safety of information and technology resources has become the top priority for many organizations since the consequences of failure can be devastating. Many organizations recognize that their employees, who are often considered as the weakest link in information security, can be a great resource as well to fight against information security-related risks. The key, however, is to ensure that employees comply with information security related rules and regulations of the organization. Therefore, understanding of compliance behavior of an employee is crucial for organizations to effectively leverage their human capital to strengthen their information security. This research aims at identifying antecedences of an employee’s compliance with the information security policy (ISP) of his/her organization. Specifically, we address how employees without any malicious intent choose to comply with requirements of the ISP with regards to protecting the information and technology resources of their organizations. Drawing on the Theory of Planned Behavior, we show an employee’s attitude towards compliance results in his/her intention to comply with the ISP. Of those, Benefit of Compliance and Cost of Non-Compliance are shown to be shaped by positive and negative reinforcing factors; such as, Intrinsic Benefit, Safety of Resources, Rewards and Intrinsic Cost, Vulnerability of Resources, and Sanctions, respectively. We also investigate the role of information security awareness on an employee’s ISP compliance behavior. As expected, we show that information security awareness positively influences attitude towards compliance. We also show that information security awareness positively influences the perception of reinforcing factors and negatively increases perception of the Cost of Compliance. As organizations strive to get their employees to follow their information security rules and regulations, our study sheds light on the role of an employee’s information security awareness and his/her beliefs about the rationality of compliance and non-compliance with the ISP. / Business, Sauder School of / Graduate

Information security awareness

Information security management

Information security behavioral Issues

Family Stress Factors and Behavior Problems of Children

Springer, Verlene

08 1900

This study examined the relationship among the factors of parental stress, marital adjustment, life event stress, and behavior problems of children and whether the sources and levels of parental stress, marital adjustment, and life event stress differed among families of children with . behavior problems and families whose children did not experience behavior problems. The subjects for this study were 60 mothers and their children from the North Texas metropolitan area chosen from two populations. Group I was composed of mothers of 30 children referred to a university related counseling center for behavior problems. Group II was composed of 30 mothers of children identified as not experiencing difficulty. Each mother completed the Parenting Stress Index (PSI), Short Marital Adjustment Test (SMAT), and Social Readjustment Rating Questionnaire (SRRQ). Hotellings T tests were used to determine whether the groups differed on sources and levels of parenting stress, marital adjustment, and life event stress. The groups differed significantly on the variables of sources and levels of parenting stress but not on marital adjustment or life event stress. The multiple regression technique was used to determine which variable or combination of variables would predict group membership. Parenting stress was found to be the best predictor of group membership. Based on this study, mothers who have a child with behavior problems do have an increased level of parenting stress. This increased level of stress is related to characteristics of their child and to their own personal characteristics. Those mothers who experience increased levels of parenting stress do not experience significantly less satisfaction in their marriages nor do their children experience more stressful life events than other children.

anxiety

family stress

childrens' behavioral issues

Problem children.

Dysfunctional families.

Stress (Psychology)

Strategies for Effective Mitigation of Infectious Diseases, with Focus on COVID-19

Rabil, Marie Jeanne

07 October 2024

We present a comprehensive approach to designing and optimizing infectious disease mitigation strategies, with a focus on COVID-19 and closed communities like college campuses. By integrating vaccination and routine screening, we first develop a model to evaluate the efficacy of various strategies in reducing infections, hospitalizations, and deaths on a college campus during the Fall 2021 semester. The findings emphasize the importance of customizing interventions based on factors such as initial vaccine coverage, vaccine effectiveness, compliance rates, and disease transmission dynamics. As COVID-19 variants continue to emerge, we highlight the necessity for adaptive screening strategies that account for the existing variants and differences in transmission and outcomes among population groups, such as faculty/staff, and students, based on their vaccination status and level of natural immunity. Using the Spring 2022 academic semester as a case study, we study various routine screening strategies and find that screening faculty and staff less frequently than students, and/or screening the boosted and vaccinated less frequently than the unvaccinated, may avert a higher number of infections per test compared to universal screening of the entire population at a common frequency. We also discuss key policy issues, including the need to revisit the mitigation objectives over time and determine if and when screening alone can compensate for low booster coverage. In contexts where mandates are not feasible and vaccine hesitancy is prevalent, we explore the role of voluntary vaccination compliance, supported by monetary incentives and routine screening. We introduce an optimization framework that considers the dual role of screening as both a mitigation tool and a non-monetary incentive. This framework necessitates a novel optimization model for incentive design, integrated with a utility-based decision model that accounts for resource constraints and uncertainties in community response to mitigation efforts. We establish structural properties of Pareto sets of strategies and analyze how they adjust with community characteristics, leading to key insights. Our findings offer actionable strategies for diverse communities and underscore the substantial value of tailoring mitigation efforts to community characteristics and incorporating the incentive effect of routine screening. Overall, this research provides actionable insights into the development of targeted and adaptive mitigation strategies that can be applied in diverse community settings, ensuring safe operations and effective disease control amidst evolving epidemiological challenges. The methodologies and insights from our study are poised to inform and guide the design of mitigation strategies in a variety of institution and community settings, contributing significantly to the collective efforts against infectious diseases. / Doctor of Philosophy / This research focuses on developing strategies to reduce the spread of infectious diseases like COVID-19, particularly in communities such as college campuses. We explore how combining vaccination and regular testing can help reduce the number of infections, hospitalizations, and deaths. By studying different approaches during the Fall 2021 semester, we found that strategies need to be adjusted based on factors like how many people are vaccinated, how effective the vaccines are, and how willing people are to follow the guidelines. As new COVID-19 variants appear, it is important to adapt testing plans based on how these variants spread and how they affect different groups, such as students and faculty, depending on their vaccination and immunity levels. In our study of the Spring 2022 semester, we found that testing faculty less frequently than students, or testing those who are vaccinated less often than those who are unvaccinated, can be more effective than testing everyone at the same rate. We also discuss when testing alone might be enough if vaccination rates are low. In situations where vaccines aren't mandatory and some people are hesitant to get vaccinated, we explore how offering a monetary incentive and regular testing can encourage more people to get vaccinated. We introduce a model that helps decision makers choose the best monetary incentive amount and testing rate, considering the dual role of testing both as a health measure and as an incentive to encourage vaccination. Our findings show that communities can benefit from strategies that are tailored to their specific needs and that include both vaccination incentives and testing. Overall, this research provides practical recommendations for creating flexible strategies that help communities stay safe and control the spread of disease, even as conditions change.

infectious disease

COVID-19

mitigation

screening

nudge mechanism

chance-constrained optimization

compartmental model

behavioral issues

Group Therapy for Externalizing Behavior Problems in Youth: A Meta-Analysis

Arnold, Rachel Anne

22 June 2023

Externalizing behavior problems are a common concern among youth and can be associated with significant problems. As such, the need for effective treatment is evident. While research on psychosocial interventions has been promising, the specific efficacy of youth group therapy has not been assessed in a meta-analysis. Objectives: to assess group therapy's efficacy for youth with behavioral issues and whether treatment effects are moderated by study, patient, leader, or group characteristics. Method: major databases were used to identify and screen potential articles based on inclusion criteria. Included studied were analyzed in a random effects meta-analysis, and potential moderators were assessed. Results: we analyzed 30 studies representing 2,818 youth with behavior problems. Group therapy showed a significant, small effect (g = 0.47) on externalizing behavior concerns (EBCs). There were also significant effects on several secondary outcomes including aggressive cognitions, anger, internalizing symptoms, and social skills/interpersonal functioning. The only significant moderating variables was the inclusion of a parent component to treatment, with group treatments including a parent component being less effective. Discussion: this meta-analysis provides promising evidence on the efficacy of group therapy, with outcomes being comparable to what has been reported in past meta-analyses on psychosocial treatments for behavior problems. Future research is needed to clarify discrepancies in the literature, replicate the present findings, and otherwise understand the ideal treatments.

behavioral issues

aggression

group psychotherapy

meta-analysis

Family, Life Course, and Society