Control mechanisms in information security: a principal agent perspective
Source: International Journal of Business Governance and Ethics, Volume 5, Numbers 1-2, 30 November 2009 , pp. 2-13(12)
Publisher: Inderscience Publishers
Abstract:End user security behaviours are an important part of enterprise‐wide information security. Although organisations have been actively using security technologies and practices, it is known that information security cannot be achieved through technological tools alone. In order to find appropriate control mechanisms to encourage employee security behaviours in organisations, we look at this problem through a principal agent perspective. Since employee security behaviours cannot be continuously monitored and employees may have conflicting views regarding security policies (moral hazard problem), we believe that the principal agent paradigm can provide insight in developing effective controls.
Document Type: Research Article
Affiliations: 1: Faculty of Business, Department of Finance, Operations and Information Systems, Brock University, St. Catharines, Ontario L2S 3A1, Canada. 2: Department of Management Science and Systems, School of Management, State University of New York (SUNY) Buffalo, Buffalo, New York 14260, USA
Publication date: 2009-11-30
- The International Journal of Business Governance and Ethics aims to critically explore business and managerial strategies, actions, responsibilities and accountabilities for survival in a highly transparent and dynamic global world.
- Information for Authors
- Submit a Paper
- Subscribe to this Title
- Terms & Conditions
- ingentaconnect is not responsible for the content or availability of external websites