Date of Award

Spring 5-1-2012

Document Type


Degree Name

Doctor of Science in Information Systems


Business and Information Systems

First Advisor

Ronghua Shan

Second Advisor

Matthew J. Miller

Third Advisor

Omar El-Gayar


This study adopts Neo-Institutional Theory (NIT) to address the underlying differences in information security policy compliance between the banking industry and the higher education. Drawing on NIT, this study examines how regulative, normative, and cognitive expectations influence the internal organizational efforts of staying compliant across both industries. Using the Partial Least Square (PLS) method, the analysis results suggest that both industries rely on the normative expectation to propel their organizational efforts of attaining compliance. However, the main difference lies within the cognitive expectation. In the institution of higher education, cognitive expectation has an indirect effect on information security policies compliance through regulative expectation. On the other hand, cognitive expectation reflects the severity of regulatory pressure in the banking industry. Given these findings, this study presents theoretical implication and provides suggestions to policy makers on the basis of managerial implication.