点击次数：

论文类型：会议论文

发表时间：2018-01-01

收录刊物：CPCI-SSH

页面范围：19-25

关键字：Incentive mechanism; Information security policy; Compliance behavior; Principal-agent model with moral hazard; Penalty

摘要：A significant number of information security incidents have been attributed to the internal employees' failure to comply with the information security policy (ISP) in the organizational setting. There exists a principal-agent problem with moral hazard between the employer and the employee individual for the practical compliance effort of the employee is not observable without high costs. In this study, an ISP compliance game has been proposed to analyze the incentive mechanism of penalty on the compliance behavior of employee individual. It is shown that in a no-penalty contract, the employee will decline to comply with the ISP if the expected payoff obtained from her noncompliance is larger than that from the outside options; and in a penalty contract, an appropriate penalty will motivate her to exert the compliance effort level expected by her employer. A numerical example has been presented to show the validity of this game analysis.