Document Type
Dissertation
Degree
Doctor of Business Administration
Major/Program
<--Please Select Department-->
First Advisor's Name
George Marakas
First Advisor's Committee Title
Committee Chair
Second Advisor's Name
Yan Chen
Second Advisor's Committee Title
Committee Member
Third Advisor's Name
Shen Guo
Third Advisor's Committee Title
Committee Member
Fourth Advisor's Name
Min Chen
Fourth Advisor's Committee Title
Committee Member
Keywords
Control Theory, Formal Control, Informal Control, Input Control, Outcome Control, Behavior Control, Clan Control, Self-Control, Information Security Policy Compliance Intentions, Structure Equation Modeling
Date of Defense
5-14-2021
Abstract
With the continued advancement in computer and digital technologies, companies, institutions, and organizations worldwide have leveraged new information technology to increase efficiency and effectiveness for all aspects of their business functions. Oftentimes, the information processed and stored on information systems poses an information security risk to the organization, employees, and clients alike. Therefore, a comprehensive and effective information security management program is essential to protecting data from accidental or intentional exposure to actors who wish to gain access to data to make a profit by selling the information to the highest bidder, utilize the stolen data for their own internal research and development, or use the data to damage a targeted institution for nefarious motives. Employees’ compliance with corporate information security policies is a necessary component to the success of the corporate information security management program. In this study, I adopted the control theory and developed a research model to explain how formal and informal organizational controls affect employees’ intentions to comply with information security policies. To test the model, I collected data from 303 respondents about their perceptions of their organizations’ formal and informal control modes along with their respective intentions to comply with information security policies. SEM-PLS analysis provided results that were only partially in consonance with previous studies and showed some additive effects when control modes were combined into a single model. I found clan control (informal) to have a significant and positive effect. I also found that adding the informal control modes into the model resulted in a different effect by rendering input control (formal) and self-control (informal) insignificant and changing the direction of the relationship of outcome control (formal) and behavior control (formal). In turn, these findings can help organizations set up proper controls to protect themselves from cyber threats and establish the most effective methods of control based on organizational context and control theory to ensure employees’ compliance with the established information security policies of their organizations.
Identifier
FIDC010240
Recommended Citation
Stewart, Shaun Eric, "Managerial Control Effects on Information Security Policy Compliance Intentions: Considerations of Formal and Informal Modes of Control" (2021). FIU Electronic Theses and Dissertations. 4772.
https://digitalcommons.fiu.edu/etd/4772
Rights Statement
In Copyright. URI: http://rightsstatements.org/vocab/InC/1.0/
This Item is protected by copyright and/or related rights. You are free to use this Item in any way that is permitted by the copyright and related rights legislation that applies to your use. For other uses you need to obtain permission from the rights-holder(s).