Tag: information security policy
Note: This is not a full review but rather a quicker analysis to see if this publication is suitable enough for the assignment
INFORMATION SECURITY POLICY COMPLIANCE: AN EMPIRICAL STUDY OF RATIONALITY-BASED BELIEFS AND INFORMATION SECURITY AWARENESS
Burcu Bulgurcu – Sauder School of Business University of British Columbia Vancouver, BC V6T 1Z2 CANADA – firstname.lastname@example.org
Hasan Cavusoglu – Sauder School of Business University of British Columbia Vancouver, BC V6T 1Z2 CANADA – email@example.com
Izak Benbasat Sauder – School of Business University of British Columbia Vancouver, BC V6T 1Z2 CANADA – firstname.lastname@example.org
Researching UBC tells me that it’s a high ranking university and checking the emails shows me that they were in fact all registered there at some point. Further research of other field-related publications by each of the authors, and LinkedIn profiles of the authors lead me to believe they are credible to publish information relating to their field of knowledge.
From the abstract i got the following information very easily:
What is the research topic?
Employees in relation to information security and how policies, staff tendencies have an effect on information security.
What did the authors do?
They examined previous literature, research, then generated models & theories which they tested by doing their own research in the form of surveys.
What they discovered
Organizations should create appropriate training and security awareness programs that ensure employees’ information security awareness
Effects of attitude, normative beliefs, and self-efficacy to comply on a customer service employee’s intention to comply and possibly break policy are significant
ISA has a direct significant influence on attitude toward compliance and plays a major role in shaping outcome beliefs
Read the introduction to get the big picture of the area of research, note any words that you don’t understand and look them up. Try to identify from the introduction what ‘research question(s)’ was that the authors were hoping to answer.
There wasn’t any words in the introduction that most people would have to research.
It’s very clear what they’re going to be looking at at in the intro and these are the questions they specifically state:
(1) What are the broad classes of an employee’s beliefs about the overall assessment of consequences of compliance or noncompliance that influence attitude toward compliance and, in turn, intention to comply with the ISP?
(2) What are an employee’s beliefs about the outcomes of compliance and noncompliance that influence beliefs about the overall assessment of consequences?
(3) What is the role of information security awareness (ISA) in shaping an employee’s beliefs about outcomes and attitude toward compliance?
Read the conclusion. If this is well written it will be another summary of the paper (a bit like the abstract) but it will focus more on the results and what they seem to mean.
the conclusion is well written and draws from the findings of the research and survey results.