摘要
In the organizational setting of marine engineering,a significant number of information security incidents have been arised from the employees’failure to comply with the information security policies(ISPs).This may be treated as a principal-agent problem with moral hazard between the employer and the employee for the practical compliance effort of an employee is not observable without high cost-.On the other hand,according to the deterrence theory,the employer and the employee are inherently self-interested beings.It is worth examining to what extent the employee is self-interested in the marine ISPs compliance context.Moreover,it is important to clarify the proper degree of severity of punishment in terms of the deterrent effect.In this study,a marine ISPs compliance game model has been proposed to evaluate the deterrence effect of punishment on the non-compliance behavior of employee individuals.It is found that in a non-punishment contract,the employee will decline to comply with the marine ISPs;but in a punishment contract,appropriate punishment will lead her to select the marine ISPs compliance effort level expected by the employer,and cause no potential backfire effect.
基金
funded in part by the National Natural Science Foundation of China (No.70972058,No.71272092 and No.71431002)。
作者简介
Corresponding author:Xiaolong Wang,School of Economics and Management,Binzhou Uni-versity,Shandong,256600,China.E-mail address:Michaelxlwang@hotmail.com Michaelxlwang@hotmail.com。
