首页 | 本学科首页   官方微博 | 高级检索  
     

信息安全遵从行为的激励机制研究——惩罚的确定性与适度性
引用本文:王小龙,李文立. 信息安全遵从行为的激励机制研究——惩罚的确定性与适度性[J]. 运筹与管理, 2018, 27(3): 133-142. DOI: 10.12005/orms.2018.0069
作者姓名:王小龙  李文立
作者单位:大连理工大学 管理与经济学部,辽宁 大连 116024
基金项目:国家自然科学基金资助项目(70972058,71272092,71431002)
摘    要:关于惩罚的确定性及其严重性是否能够有效地影响组织内部雇员的信息安全遵从行为,已有的研究结论尚存在着严重分歧。为了继续探索惩罚对信息安全遵从行为的影响作用,构建了信息安全遵从博弈模型,依据该模型和存在道德风险的委托人——代理人理论,分析了惩罚的确定性以及适度的惩罚严重性对信息安全遵从行为的激励机制,并对惩罚的适度性进行了数值模拟。研究表明:(1)作为委托人的组织可以设计出包含适度惩罚的最优激励契约,并获得最优的信息安全遵从收益;作为代理人的雇员不仅将接受该契约,并且会按照组织所期望的努力水平去遵从信息安全制度。(2)惩罚的确定性和适度性两者能够有效地影响雇员的信息安全遵从行为。(3)组织可以根据雇员的风险规避测度、外部机会收益、激励报酬以及信息安全产出结果这四个因素来设置适当的惩罚额度。这些研究结果将有助于信息安全管理者深入地理解并有效地管理组织内部雇员的信息安全遵从行为。

关 键 词:信息系统  信息安全  委托人——代理人理论  激励机制  信息安全遵从行为  惩罚  
收稿时间:2015-07-23

The Influence of the Certainty and the Appropriateness of Penalty on Information Security Compliance Behavior
WANG Xiao-long,LI Wen-li. The Influence of the Certainty and the Appropriateness of Penalty on Information Security Compliance Behavior[J]. Operations Research and Management Science, 2018, 27(3): 133-142. DOI: 10.12005/orms.2018.0069
Authors:WANG Xiao-long  LI Wen-li
Affiliation:Faculty of Management and Economics, Dalian University of Technology, Dalian 116024, China
Abstract:The influence of the certainty and severity of penalty on the information security compliance behaviors of employees has been an issue of debate in the previous studies. In the present work, the compliance effort level on the information security policy is viewed to be a consequence of the dynamical game between the organization and its employee individual. An information security compliance game model is proposed, and then combined with the principal-agent theory to explore the influence of penalty on the information security compliance behavior of the employee. The incentive mechanisms of the certainty and the appropriateness of penalty on the compliance behavior are first considered, and then are further analyzed by using numerical simulation. Several significant results are obtained: (1)The organization (the principal) can design an optimal incentive contract which includes appropriate penalty for motivating the employee (an agent) to comply with the information security policy; (2)The certainty and the appropriateness of penalty are effective in motivating employee’s compliance; (3)The appropriateness of penalty can be determined in terms of the risk aversion of the employee, the compensation, the external benefit and the probability of the negative outcome of non-compliance. These theoretical insights are expected to provide useful reference for managers to understand and manage the information security compliance behaviors of employees in the organizational setting.
Keywords:information system  information security  principal-agent theory  incentive mechanism  information security compliance behavior  penalty  
本文献已被 CNKI 等数据库收录!
点击此处可从《运筹与管理》浏览原始摘要信息
点击此处可从《运筹与管理》下载免费的PDF全文
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号