Date of Award


Document Type

Open Access Honors Thesis

Degree Name

Bachelor of Science in Management


Management Science and Information Systems


Ramakrishna Ayyagari


Jeffrey Keisler

Subject Categories

Management Information Systems


In this digital era, information has become a very important component of any type of organization. For some, it is not only an important component of daily routine operations but also required for competitive advantage. From big corporations to small businesses, non-profit organizations and governments, organizations need to safeguard and secure their information by implementing information security policies and making sure that all employees comply with such policies.

Since information is growing faster than in previous decades, there is a need to safeguard and manage that information efficiently and effectively in order to make it useful. One of the ways to have reliable and useful information is to protect and secure it by following organizations’ information systems security policies. Bulgurcu et al. remark that understanding compliance behavior is crucial for organizations that want to leverage their human capital, as employees behave differently and therefore comply differently with IS security policies. Previous research has shown that employees’ violation of IS security policies is due to negligence and/or ignorance of the IS security policies on the part of employees.

The 2012 Data Breach Investigation Report, a study conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, Dutch National High Tech Crime Unit, Irish Reporting and Information Security Service, Police Central e-Crime Unit, and United States Secret Service, says that nearly 90% of the reported total of 855 breaches are a result of deliberate and malicious employee actions. These internal insiders are trusted and privileged at different security levels. They include company executives, employees, independent contractors, interns, etc.

In order to maintain compliance standards with information security policies, managers have to make decisions on the use of effective techniques to deal with non-compliance; these include correctional responses like sanctions, information security training or additional systems security features and layers (with the associated costs to the organization that include less flexibility in routine operations). To achieve that, they need to assess and understand the factors behind employees’ non-compliance in order to address it efficiently.

Creative Commons License

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.