A Cross Industry Study: Differences in Information Security Policy Compliance Between the Banking Industry and Higher Education

Author

Hwee-Joo Kam, Dakota State University

Date of Award

Spring 5-1-2012

Document Type

Dissertation

Degree Name

Doctor of Science in Information Systems

Department

Business and Information Systems

First Advisor

Ronghua Shan

Second Advisor

Matthew J. Miller

Third Advisor

Omar El-Gayar

Abstract

This study adopts Neo-Institutional Theory (NIT) to address the underlying differences in information security policy compliance between the banking industry and the higher education. Drawing on NIT, this study examines how regulative, normative, and cognitive expectations influence the internal organizational efforts of staying compliant across both industries. Using the Partial Least Square (PLS) method, the analysis results suggest that both industries rely on the normative expectation to propel their organizational efforts of attaining compliance. However, the main difference lies within the cognitive expectation. In the institution of higher education, cognitive expectation has an indirect effect on information security policies compliance through regulative expectation. On the other hand, cognitive expectation reflects the severity of regulatory pressure in the banking industry. Given these findings, this study presents theoretical implication and provides suggestions to policy makers on the basis of managerial implication.

Recommended Citation

Kam, Hwee-Joo, "A Cross Industry Study: Differences in Information Security Policy Compliance Between the Banking Industry and Higher Education" (2012). Masters Theses & Doctoral Dissertations. 279.
https://scholar.dsu.edu/theses/279