In the organizational setting of marine engineering, a significant number of information security incidents have arisen from employees' failure to comply with information security policies (ISPs). This may be treated as a principal-agent problem with moral hazard between the employer and the employee, because the practical compliance effort of an employee is not observable without high cost. On the other hand, according to deterrence theory, the employer and the employee are inherently self-interested beings. It is worth examining to what extent the employee is self-interested in the marine ISP compliance context. Moreover, it is important to clarify the proper degree of severity of punishment in terms of its deterrent effect. In this study, a marine ISP compliance game model is proposed to evaluate the deterrence effect of punishment on the non-compliance behavior of individual employees. It is found that under a non-punishment contract, the employee will decline to comply with the marine ISPs; but under a punishment contract, appropriate punishment will lead her to select the marine ISP compliance effort level expected by the employer, and cause no potential backfire effect.
Funding: Funded in part by the National Natural Science Foundation of China (No. 70972058, No. 71272092 and No. 71431002).