CCE Theses and Dissertations

Date of Award


Document Type


Degree Name

Doctor of Philosophy in Information Systems (DISS)


College of Engineering and Computing


Gurvirender P. Tejay

Committee Member

Steven R. Terrell

Committee Member

Marlyn K. Littman


Information science, Information technology, Computer science, Compliance, Design, Effectiveness, Exceptional, Experimental, Policy


An increasing number of researchers are recognizing the importance of the role played by employees in maintaining the effectiveness of an information security policy. Currently, little research exists to validate the relationship between the actions (behaviors) taken by employees in response to exceptional situations (antecedents) regarding an organization’s information security policy, the impact (consequences) those actions have on an organization, and the motives that prompt those actions. When these exceptional situations occur, employees may feel compelled to engage in behaviors that violate the terms of an information security policy because strict compliance with the policy could cause the organization to lose revenue, reputability or some other business advantage. To address this issue, this research study investigated how to design an effective information security policy for exceptional situations in an organization. In order to achieve this goal, this study explored how an information security policy should be designed with the critical components of clarity, comprehensiveness, ease of use and flexibility, in addition to including provisions for the work contingencies of employees. The aim of this proposed study was to demonstrate how the application principles of the prima-facie, utilitarian and universalizability design theories can aid in designing an information security policy that includes these essential elements. The research study explored the effectiveness of the policy's design and the effect it had on employee compliance with the policy in exceptional situations. A survey questionnaire was administered to a control group and an experimental group consisting of full-time and part-time employees who worked in various departments of a single organization. The survey employed a five-point Likert-type scale. The data gathered from the questionnaire was analyzed. Inferential statistics used the general linear model (GLM), including the t-test, analysis of covariance (ANCOVA), regression analysis, and factor analysis with the latest SPSS version computer statistical analysis program. This study built to develop a model for designing an effective information security policy for exceptional situations in an organization. Based on the analysis of fit the model for designing an effective information security policy for exceptional situations in an organization was determine to be a success model. This study should provide many opportunities for future research, as well as providing information security practitioners and academics a solid roadmap for designing effective information security policies within an organization to apply during exceptional situations.