The enforcement of information security policy is an important issue in organisations. Previous studies approach policy enforcement using deterrence theory to deal with information security violations and focus on end-users' awareness. This study investigates deterrence strategy within organisations from the perspective of information security managers. The results primarily reveal that current deterrence strategy has little influence on reducing violations because it is only used as a prevention strategy due to the lack of means of detection. Our study suggests that organisations should shift to detection of violations and identification of violators, and expand the range of sanctions. The research also presents an architecture of information security strategies to be operated in a coordinated manner for use in deterring security violations.
Park, S., Ruighaver, A. B., Maynard, S. B., & Ahmad, A. (2012). Towards understanding deterrence: Information security managers’ perspective. In Lecture Notes in Electrical Engineering (Vol. 120 LNEE, pp. 21–37). https://doi.org/10.1007/978-94-007-2911-7_3