An Objective Of Information Security

Better Essays
The main objective of information security is to safeguard the integrity, confidentiality and availability aspects of information systems and data. from any threats and vulnerabilities, especially when such threats and vulnerabilities are on the rise. The 2015 annual Global State of Information Security Survey conducted by the Internet Development Group (IDG) subsidiaries CIO and CSO in conjunction with PricewaterhouseCoopers (PwC), shows information security incident increase of 48% from 2013-14, and a 66% compound annual growth rate since 2009; Furthermore, the same study found that employees were the most-cited culprits of security incidents (Global State Information Security, n.d.). The implication is that organizations need to look…show more content…
Bulgurcu et al. (2010) referred to this theory as the basis of their investigation of the rationality based factors of benefit of compliance, cost of compliance, and cost of noncompliance, that influence employee attitudes on compliance to requirements of the information security policies. Bulgurcu et al. (2010) further postulated the following based on employee’s beliefs about the outcomes of compliance and noncompliance; that intrinsic benefit, safety of resources, and rewards shaped benefit of compliance, work impediment shaped cost of compliance, and intrinsic cost, vulnerability of resources, and sanctions shaped cost of noncompliance . The findings of their research were that benefit of compliance and cost of noncompliance positively impacted employees’ attitudes to compliance, whereas cost of compliance negatively impacted employees’ attitudes to compliance.
Other similar research that has been done has also yielded similar results. Research by Sang et al. (2014) examined the study done by Bulgurcu et al. (2010), and verified their findings. Siponen et al. (2009) found that perceived vulnerability (employees ' assessment of organizations’ vulnerability to information security threats) and perceived severity (the degree of potential physical and psychological harm arising from information security threats) directly affect employees ' intention to comply with information security
Get Access