CCE Theses and Dissertations
Date of Award
2015
Document Type
Dissertation
Degree Name
Doctor of Philosophy in Information Systems (DISS)
Department
College of Engineering and Computing
Advisor
Gurvirender P. Tejay
Committee Member
Steven R. Terrell
Committee Member
Marlyn K. Littman
Keywords
Information science, Information technology, Computer science, Compliance, Design, Effectiveness, Exceptional, Experimental, Policy
Abstract
An increasing number of researchers are recognizing the importance of the role played by employees in maintaining the effectiveness of an information security policy. Currently, little research exists to validate the relationship between the actions (behaviors) taken by employees in response to exceptional situations (antecedents) regarding an organization’s information security policy, the impact (consequences) those actions have on an organization, and the motives that prompt those actions. When these exceptional situations occur, employees may feel compelled to engage in behaviors that violate the terms of an information security policy because strict compliance with the policy could cause the organization to lose revenue, reputability or some other business advantage. To address this issue, this research study investigated how to design an effective information security policy for exceptional situations in an organization. In order to achieve this goal, this study explored how an information security policy should be designed with the critical components of clarity, comprehensiveness, ease of use and flexibility, in addition to including provisions for the work contingencies of employees. The aim of this proposed study was to demonstrate how the application principles of the prima-facie, utilitarian and universalizability design theories can aid in designing an information security policy that includes these essential elements. The research study explored the effectiveness of the policy's design and the effect it had on employee compliance with the policy in exceptional situations. A survey questionnaire was administered to a control group and an experimental group consisting of full-time and part-time employees who worked in various departments of a single organization. The survey employed a five-point Likert-type scale. The data gathered from the questionnaire was analyzed. Inferential statistics used the general linear model (GLM), including the t-test, analysis of covariance (ANCOVA), regression analysis, and factor analysis with the latest SPSS version computer statistical analysis program. This study built to develop a model for designing an effective information security policy for exceptional situations in an organization. Based on the analysis of fit the model for designing an effective information security policy for exceptional situations in an organization was determine to be a success model. This study should provide many opportunities for future research, as well as providing information security practitioners and academics a solid roadmap for designing effective information security policies within an organization to apply during exceptional situations.
NSUWorks Citation
George S. Antoniou. 2015. Designing an effective information security policy for exceptional situations in an organization: An experimental study. Doctoral dissertation. Nova Southeastern University. Retrieved from NSUWorks, College of Engineering and Computing. (949)
https://nsuworks.nova.edu/gscis_etd/949.
Included in
Business Administration, Management, and Operations Commons, Business Law, Public Responsibility, and Ethics Commons, Databases and Information Systems Commons, Information Security Commons, Management Information Systems Commons, Strategic Management Policy Commons