Chair or Co-Chair
Dr. Humayun Zafar
Committee Member or Co-Chair
Dr. Brad Schafer
Dr. Solomon Negash
Organizational fraud, a deceitful practice or willful device resorted to with intent to deprive another of his right, or in some manner to do harm or injury, is a growing global concern. While cyberattacks from the outside are more expected, the internal security threat from trusted insiders is responsible for significantly more information compromise than external threats. Information systems make life easier but are increasingly used by employees to perpetrate fraudulent activities. For example, a trusted insider employee with access to sensitive customer databases could misappropriate information and sell it to a competitor for personal gain. These type losses are typical of organizational fraud averaging 5% of annual revenues, and current detection and prevention methods are not fully adequate to address the threat.
This research examines how organizational fraud is affected by information security policy characteristics. We specifically study the effects of quality and enforcement as mediated by security compliance using a sampling of survey data from selected organizations. Our results show that increased quality and enforcement supports increased compliance. We found an inverse relationship between policy compliance and organizational fraud. Additionally, our model demonstrates that compliance fully mediates between policy quality, policy enforcement, and the dependent variable fraud.
Brown, Dennis T., "Investigating Information Security Policy Characteristics: Do Quality, Enforcement and Compliance Reduce Organizational Fraud?" (2018). Doctor of Business Administration Dissertations. 40.
Available for download on Saturday, July 18, 2020