Defense Date
Summer 7-9-2018
Degree Type
Dissertation
Degree Name
Information Systems
Department
Business Administration
Committee Chair/First Advisor
Dr. Humayun Zafar
Committee Member or Co-Chair
Dr. Brad Schafer
Reader
Dr. Solomon Negash
Abstract
Organizational fraud, a deceitful practice or willful device resorted to with intent to deprive another of his right, or in some manner to do harm or injury, is a growing global concern. While cyberattacks from the outside are more expected, the internal security threat from trusted insiders is responsible for significantly more information compromise than external threats. Information systems make life easier but are increasingly used by employees to perpetrate fraudulent activities. For example, a trusted insider employee with access to sensitive customer databases could misappropriate information and sell it to a competitor for personal gain. These type losses are typical of organizational fraud averaging 5% of annual revenues, and current detection and prevention methods are not fully adequate to address the threat.
This research examines how organizational fraud is affected by information security policy characteristics. We specifically study the effects of quality and enforcement as mediated by security compliance using a sampling of survey data from selected organizations. Our results show that increased quality and enforcement supports increased compliance. We found an inverse relationship between policy compliance and organizational fraud. Additionally, our model demonstrates that compliance fully mediates between policy quality, policy enforcement, and the dependent variable fraud.