How Employees Continue to Comply With Information Systems’ Security Policies?: Insights from Information Systems’ Continuance Model

Abstract:

Information systems are one of the most important assets of modern organizations because they usually deal with the critical organizational data. Nowadays because of the complex operating environment, organizations need to invest heavily in information systems (Ifinedo, 2007). On the other hand, there are variety of unwanted or intentional threats to the IS information security including misusing, steal and destruction of data. By considering that in the last decade information security incidents have increased significantly (Siponen, 2013) appropriate Information security methods are compulsory for organizations. In order to address these issues various security technologies like firewalls, proxies and content monitoring systems are widely used. These technologies offer just technical solution for information security problems and usually they are not enough for the comprehensive protection of IS assets (Herath, 2009) (Rhodes, 2001) (Vance, 2012). The reason is that organizations should consider socio-organizational aspect for gaining the desired output in information security management issues. It means that they should focus on individuals as well as on technical tools for achieving complete solution for the information security concerns. For instance, if we consider that an organization utilizes a strong firewall, but its employees do not feel comfortable with this technology or resist to use it the information security cannot be assured in that organization. It is clear that focusing on advance security technologies should be alongside with the focusing on individuals and other organizational parameters like environment. So obviously organizations should consider multi-perspective methods to protect their valuable IS assets and address information security problems (Herath, 2009).