This paper investigates the impact of the characteristics of information security policy (ISP) on an employee’s security compliance in the workplace. Two factors were proposed as the antecedents of employees’ security compliance: ISP Fairness and ISP Quality. ISP Quality is comprised of three quality dimensions--Clarity, Completeness, and Consistency. It is shown that ISP fairness has a strong positive effect on an employee’s ISP Compliance. In addition, it is found that ISP quality does not only have a strong positive influence on an employee’s ISP compliance but also have a strong influence on an employee’s perceived ISP fairness.
| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| Compliance | Bulgurcu et al., 2009, NEW | yes | card sorting exercise and exploratory analysis | none | 7-point Likert scale ranging from "strongly disagree" to "strongly agree" | ||
| Current Compliance | NEW | yes | card sorting exercise and exploratory analysis | none | 7-point scale ranging from "definetely false" to "definetely true" | ||
| ISP Fairness | NEW | ISP Quality | yes | card sorting exercise and exploratory analysis | none | 7 point adjective scale modified with 1. Extremely, 2. Quite, 3. Slightly, 4. Neither, 5. Slightly, 6. Quite, 7. Extremely | |
| ISP Clarity | NEW | ISP Quality | yes | card sorting exercise and exploratory analysis | none | 7 point adjective scale modified with 1. Extremely, 2. Quite, 3. Slightly, 4. Neither, 5. Slightly, 6. Quite, 7. Extremely | |
| ISP Completeness | NEW | ISP Quality | yes | card sorting exercise and exploratory analysis | none | 7 point adjective scale modified with 1. Extremely, 2. Quite, 3. Slightly, 4. Neither, 5. Slightly, 6. Quite, 7. Extremely | |
| ISP Consistency | NEW | ISP Quality | yes | card sorting exercise and exploratory analysis | none | 7 point adjective scale modified with 1. Extremely, 2. Quite, 3. Slightly, 4. Neither, 5. Slightly, 6. Quite, 7. Extremely |
Burcu Bulgurcu, Hasan Cavusoglu, and Izak Benbasat. Quality and Fairness of an Information Security Policy As Antecedents of Employees' Security Engagement in the Workplace: An Empirical Investigation. In System Sciences (HICSS), 2010 43rd Hawaii International Conference On, 1–7. IEEE, 2010. doi:10.1109/HICSS.2010.312.
@inproceedings{bulgurcu_quality_2010,
author = {Bulgurcu, Burcu and Cavusoglu, Hasan and Benbasat, Izak},
booktitle = {System {{Sciences}} ({{HICSS}}), 2010 43rd {{Hawaii International Conference}} On},
doi = {10.1109/HICSS.2010.312},
isbn = {978-1-4244-5509-6},
pages = {1-7},
publisher = {{IEEE}},
shorttitle = {Quality and {{Fairness}} of an {{Information Security Policy As Antecedents}} of {{Employees}}' {{Security Engagement}} in the {{Workplace}}},
title = {Quality and {{Fairness}} of an {{Information Security Policy As Antecedents}} of {{Employees}}' {{Security Engagement}} in the {{Workplace}}: {{An Empirical Investigation}}},
year = {2010}
}