Literature Review

Organizational information security policies: a review and research framework

Pages 605-641 | Received 22 Jan 2016, Accepted 14 Jun 2017, Published online: 15 Feb 2018
 

Abstract

A major stream of research within the field of information systems security examines the use of organizational policies that specify how users of information and technology resources should behave in order to prevent, detect, and respond to security incidents. However, this growing (and at times, conflicting) body of research has made it challenging for researchers and practitioners to comprehend the current state of knowledge on the formation, implementation, and effectiveness of security policies in organizations. Accordingly, the purpose of this paper is to synthesize what we know and what remains to be learned about organizational information security policies, with an eye toward a holistic understanding of this research stream and the identification of promising paths for future study. We review 114 influential security policy-related journal articles and identify five core relationships examined in the literature. Based on these relationships, we outline a research framework that synthesizes the construct linkages within the current literature. Building on our analysis of these results, we identify a series of gaps and draw on additional theoretical perspectives to propose a revised framework that can be used as a basis for future research.

Special Issue Editors: Paul Benjamin Lowry, Tamara Dinev, Robert Willison


Additional information

Notes on contributors

W. Alec Cram

W. Alec Cram is an Assistant Professor of Information and Process Management at Bentley University. He received a Ph.D. from Queen’s University. Alec previously worked as an IT Audit Manager at Deloitte, where he received a CISSP and CISA. Alec currently teaches undergraduate and graduate information security classes, while his research focuses on how information systems control initiatives can contribute to improving the performance of organizational processes. His work has been published or is forthcoming in outlets including the Information Systems Journal, European Journal of Information Systems, Journal of the Association for Information Systems and Information and Management.

Jeffrey G. Proudfoot

Jeffrey G. Proudfoot is an Assistant Professor in the Information and Process Management Department at Bentley University. Jeff’s research centers on information security and privacy with emphases on automated credibility assessment and insider threat detection. Jeff has contributed to over $1 million in Department of Homeland Security (DHS), Center for Identification Technology Research (CITeR), and National Science Foundation (NSF) grants, of which over $500 k was awarded with Jeff operating as a PI or a co-PI. His work has been published or is forthcoming in journals including the Journal of Management Information Systems, Information Technology for Development, Journal of Nonverbal Behavior, and International Journal of Sociology and Social Policy.

John D’Arcy

John D’Arcy is an Associate Professor in the Department of Accounting and MIS, Lerner College of Business and Economics, at the University of Delaware. He received his Ph.D. in Management Information Systems from Temple University. His research interests include information assurance and security, IT risk management, and computer ethics. His work appears in journals such as Information Systems Research, Decision Sciences Journal, European Journal of Information Systems, Journal of Management Information Systems, MIT Sloan Management Review, Decision Support Systems, and Computers and Security.
