运筹与管理2018,Vol.27Issue(3):133-142,10.DOI:10.12005/orms.2018.0069
信息安全遵从行为的激励机制研究——惩罚的确定性与适度性
The Influence of the Certainty and the Appropriateness of Penalty on Information Security Compliance Behavior
摘要
Abstract
The influence of the certainty and severity of penalty on the information security compliance behaviors of employees has been an issue of debate in the previous studies.In the present work,the compliance effort level on the information security policy is viewed to be a consequence of the dynamical game between the organization and its employee individual.An information security compliance game model is proposed, and then combined with the principal-agent theory to explore the influence of penalty on the information security compliance behavior of the employee.The incentive mechanisms of the certainty and the appropriateness of penalty on the compliance behavior are first considered, and then are further analyzed by using numerical simulation.Several significant results are obtained:(1)The organization(the principal)can design an optimal incentive contract which includes appropriate penalty for motivating the employee(an agent)to comply with the information security policy;(2)The certainty and the appropriateness of penalty are effective in motivating employee's compliance;(3)The appropriateness of penalty can be determined in terms of the risk aversion of the employee,the compen-sation,the external benefit and the probability of the negative outcome of non-compliance.These theoretical insights are expected to provide useful reference for managers to understand and manage the information security compliance behaviors of employees in the organizational setting.关键词
信息系统/信息安全/委托人——代理人理论/激励机制/信息安全遵从行为/惩罚Key words
information system/information security/principal-agent theory/incentive mechanism/information security compliance behavior/penalty分类
管理科学引用本文复制引用
王小龙,李文立..信息安全遵从行为的激励机制研究——惩罚的确定性与适度性[J].运筹与管理,2018,27(3):133-142,10.基金项目
国家自然科学基金资助项目(70972058,71272092,71431002) (70972058,71272092,71431002)
