EFFECTS OF SANCTION ON THE MENTALITY OF INFORMATION SECURITY POLICY COMPLIANCE

2020 REVISTA ARGENTINA DE CLINICA PSICOLOGICA  
The employees' violation of information security policy (ISP) poses a major threat to the information resources of the employer. This paper constructs an integrated framework based on the theories on rational choice and general deterrence, and applies it to explain effects on sanction on ISP violation by employees. The model was tested by a scenario-based experiment on 320 employees from two universities and three companies in China. The results show that the certainty, severity and celerity of
more » ... sanction have positive impacts on ISP compliance; the relationship between sanction severity and ISP compliance is mediated by the cost of noncompliance, and sanction celerity. The research findings have important theoretical and practical implications on the ISP compliance.
doi:10.24205/03276716.2020.6 fatcat:re43rvaapnbwlihaaox2zovwfe