Control mechanisms in information security: A principal agent perspective

Tejaswini Herath; H. Raghav Rao

doi:10.1504/IJBGE.2010.029551

Control mechanisms in information security: A principal agent perspective

Tejaswini Herath
, H. Raghav Rao

Management Science and Systems

Faculty of Business, Brock University

Research output: Contribution to journal › Article › peer-review

7 Scopus citations

Abstract

End user security behaviours are an important part of enterprise-wide information security. Although organisations have been actively using security technologies and practices, it is known that information security cannot be achieved through technological tools alone. In order to find appropriate control mechanisms to encourage employee security behaviours in organisations, we look at this problem through a principal agent perspective. Since employee security behaviours cannot be continuously monitored and employees may have conflicting views regarding security policies (moral hazard problem), we believe that the principal agent paradigm can provide insight in developing effective controls.

Original language	English
Pages (from-to)	2-13
Number of pages	12
Journal	International Journal of Business Governance and Ethics
Volume	5
Issue number	1-2
DOIs	https://doi.org/10.1504/IJBGE.2010.029551
State	Published - 2010

Keywords

Employee security behaviours
Information security
Principal agent theory

Access to Document

10.1504/IJBGE.2010.029551

Cite this

@article{07a2409df85f47d0b5592dd87202f7f2,

title = "Control mechanisms in information security: A principal agent perspective",

abstract = "End user security behaviours are an important part of enterprise-wide information security. Although organisations have been actively using security technologies and practices, it is known that information security cannot be achieved through technological tools alone. In order to find appropriate control mechanisms to encourage employee security behaviours in organisations, we look at this problem through a principal agent perspective. Since employee security behaviours cannot be continuously monitored and employees may have conflicting views regarding security policies (moral hazard problem), we believe that the principal agent paradigm can provide insight in developing effective controls.",

keywords = "Employee security behaviours, Information security, Principal agent theory",

author = "Tejaswini Herath and Rao, \{H. Raghav\}",

year = "2010",

doi = "10.1504/IJBGE.2010.029551",

language = "English",

volume = "5",

pages = "2--13",

journal = "International Journal of Business Governance and Ethics",

issn = "1477-9048",

publisher = "Inderscience Enterprises Ltd",

number = "1-2",

}

TY - JOUR

T1 - Control mechanisms in information security

T2 - A principal agent perspective

AU - Herath, Tejaswini

AU - Rao, H. Raghav

PY - 2010

Y1 - 2010

N2 - End user security behaviours are an important part of enterprise-wide information security. Although organisations have been actively using security technologies and practices, it is known that information security cannot be achieved through technological tools alone. In order to find appropriate control mechanisms to encourage employee security behaviours in organisations, we look at this problem through a principal agent perspective. Since employee security behaviours cannot be continuously monitored and employees may have conflicting views regarding security policies (moral hazard problem), we believe that the principal agent paradigm can provide insight in developing effective controls.

AB - End user security behaviours are an important part of enterprise-wide information security. Although organisations have been actively using security technologies and practices, it is known that information security cannot be achieved through technological tools alone. In order to find appropriate control mechanisms to encourage employee security behaviours in organisations, we look at this problem through a principal agent perspective. Since employee security behaviours cannot be continuously monitored and employees may have conflicting views regarding security policies (moral hazard problem), we believe that the principal agent paradigm can provide insight in developing effective controls.

KW - Employee security behaviours

KW - Information security

KW - Principal agent theory

UR - https://www.scopus.com/pages/publications/77249107260

U2 - 10.1504/IJBGE.2010.029551

DO - 10.1504/IJBGE.2010.029551

M3 - Article

AN - SCOPUS:77249107260

SN - 1477-9048

VL - 5

SP - 2

EP - 13

JO - International Journal of Business Governance and Ethics

JF - International Journal of Business Governance and Ethics

IS - 1-2

ER -

Control mechanisms in information security: A principal agent perspective

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this