Information Security Policy Compliance in Higher Education: A Neo-Institutional Perspective

External pressures could be a powerful force that drives the institution of higher education to attain information security policy compliance. Drawing on the Neo-Institutional Theory (NIT), this study examined how the three external expectations: regulative, normative, and cognitive expectations, impel the higher education of the United States to reach information security policy compliance. The research findings suggest that regulatory and social normative pressures, but not cognitive pressure, have significant effects on information security policy compliance in higher education. Based on these results, this study unfolds both the practical and research implications.

[1]  Wynne W. Chin,et al.  Structural equation modeling analysis with small samples using partial least squares , 1999 .

[2]  W. Powell,et al.  The iron cage revisited institutional isomorphism and collective rationality in organizational fields , 1983 .

[3]  W. Scott,et al.  Institutions and Organizations. , 1995 .

[4]  John L. Campbell Why would corporations behave in socially responsible ways? an institutional theory of corporate social responsibility , 2007 .

[5]  Irene M. Y. Woon,et al.  Forthcoming: Journal of Information Privacy and Security , 2022 .

[6]  John W. Meyer,et al.  Institutionalized Organizations: Formal Structure as Myth and Ceremony , 1977, American Journal of Sociology.

[7]  Maryann P. Feldman,et al.  Truth for Its Own Sake: Academic Culture and Technology Transfer at Johns Hopkins University , 2004 .

[8]  A. Kaplan,et al.  A Beginner's Guide to Partial Least Squares Analysis , 2004 .

[9]  Wynne W. Chin The partial least squares approach for structural equation modeling. , 1998 .

[10]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[11]  Richard M. Reis,et al.  Tomorrow's Professor: Preparing for Academic Careers in Science and Engineering , 1997 .

[12]  Fadia Nasser,et al.  A Monte Carlo Study Investigating the Impact of Item Parceling on Measures of Fit in Confirmatory Factor Analysis , 2003 .

[13]  Peter A. Dacin,et al.  Market Situation Interpretation and Response: The Role of Cognitive Style, Organizational Culture, and Information Use , 2003 .

[14]  D. Dill The management of academic culture: Notes on the management of meaning and social integration , 1982 .

[15]  W. Scott Institutions and Organizations: Ideas and Interests , 2007 .

[16]  Rudolf R. Sinkovics,et al.  The Use of Partial Least Squares Path Modeling in International Marketing , 2009 .

[17]  Lisa Interligi,et al.  Compliance culture: A conceptual framework , 2010 .

[18]  Detmar W. Straub,et al.  Examining Trust in Information Technology Artifacts: The Effects of System Quality and Culture , 2008, J. Manag. Inf. Syst..

[19]  Deborah A. Frincke,et al.  Who Watches the Security Educators? , 2003, IEEE Secur. Priv..

[20]  Laurie J. Kirsch,et al.  If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security , 2009, Eur. J. Inf. Syst..

[21]  Mark C. Suchman Managing Legitimacy: Strategic and Institutional Approaches , 1995 .

[22]  Wynne W. Chin,et al.  Extending the technology acceptance model: the influence of perceived user resources , 2001, DATB.

[23]  Qing Hu,et al.  The role of external and internal influences on information systems security - a neo-institutional perspective , 2007, J. Strateg. Inf. Syst..

[24]  Detmar W. Straub,et al.  A Practical Guide To Factorial Validity Using PLS-Graph: Tutorial And Annotated Example , 2005, Commun. Assoc. Inf. Syst..

[25]  E. Abt Understanding statistics 3 , 2010, Evidence-Based Dentistry.

[26]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[27]  Adam Marks Exploring universities' information systems security awareness in a changing higher education environment : a comparative case study research , 2007 .

[28]  Robert B. Kvavik,et al.  Information Technology Security : Governance , Strategy , and Practice in Higher Education , 2003 .

[29]  David L. Deephouse,et al.  An Examination of Differences between Organizational Legitimacy and Organizational Reputation , 2005 .

[30]  T. Kostova,et al.  Adoption of an Organizational Practice by Subsidiaries of Multinational Corporations: Institutional and Relational Effects , 2002 .

[31]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[32]  Yacine Rezgui,et al.  Information security awareness in higher education: An exploratory study , 2008, Comput. Secur..

[33]  R. Hoyle Statistical Strategies for Small Sample Research , 1999 .