The role of internal communication in preventing employees' information security policy noncompliance

dc.contributorAalto-yliopistofi
dc.contributorAalto Universityen
dc.contributor.authorKorpela, Pekka
dc.contributor.departmentJohtamisen laitosfi
dc.contributor.departmentDepartment of Management Studiesen
dc.contributor.schoolKauppakorkeakoulufi
dc.contributor.schoolSchool of Businessen
dc.date.accessioned2015-05-06T11:43:08Z
dc.date.available2015-05-06T11:43:08Z
dc.date.dateaccepted2015-04-07
dc.date.issued2015
dc.description.abstractObjective of the study: The present study was triggered by the lack of research on the human factor of information security and the on-going digital transition that continues to alter employee behaviour. The objective of the study was to assess the relationship between internal communication and ISP noncompliance, and to identify the extent to which the occurrences of ISP noncompliance in a Finnish commercial bank could be prevented by enhancing the internal communication practices of the bank. Methodology and the theoretical framework: The study exploited a qualitative methodology, using a case study approach to research the topic. The empirical data was collected by conducting five semi-structured interviews with the case company employees to gain knowledge about the reasons behind the employees' ISP noncompliance, and about the internal communication practices of the case company. Secondary data consisted of the bank's internal material, and assisted in identifying the contents of the bank's ISP. The data analysis was based on the theoretical framework that was largely built on the previous literature. The framework focused on the factors of information security policy noncompliance and internal communication. Findings and conclusions: The findings implied that the reasons behind the employees' ISP noncompliance are manifold, but the most prevalent ones were work-related stress, employees' attitudes, and colleagues' expectations. Moreover, the findings indicated that the case company manages the ISP communication rather well. However, the bank could prevent certain noncompliance incidents or decrease their number by enhancing management communication to increase employee engagement and to bring the ISPs more on the foreground, and by improving the consistency of the ISP communication.en
dc.ethesisid13918
dc.format.extent111
dc.identifier.urihttps://aaltodoc.aalto.fi/handle/123456789/15900
dc.identifier.urnURN:NBN:fi:aalto-201505072568
dc.language.isoenen
dc.locationP1 I
dc.programme.majorMSc program in Corporate Communicationen
dc.programme.majorMSc program in Corporate Communicationfi
dc.subject.heleconviestintä
dc.subject.heleconcommunication
dc.subject.heleconyritysviestintä
dc.subject.heleconbusiness communication
dc.subject.heleconpankit
dc.subject.heleconbanks
dc.subject.helecontietosuoja
dc.subject.helecondata security
dc.subject.heleconSuomi
dc.subject.heleconFinland
dc.subject.keywordtietosuoja
dc.subject.keywordinformation security
dc.subject.keywordtietosuojasäädökset
dc.subject.keywordinformation security policy
dc.subject.keywordISP
dc.subject.keywordtietosuojasääntörikkomukset
dc.subject.keywordinformation security policy noncompliance
dc.subject.keywordyritysviestintä
dc.subject.keywordcorporate communication
dc.subject.keywordsisäinen viestintä
dc.subject.keywordinternal communication
dc.subject.keywordfinanssiala Suomessa
dc.subject.keywordFinnish financial industry
dc.subject.keywordliikepankit
dc.subject.keywordcommercial banks
dc.titleThe role of internal communication in preventing employees' information security policy noncomplianceen
dc.typeG2 Pro gradu, diplomityöfi
dc.type.dcmitypetexten
dc.type.ontasotMaster's thesisen
dc.type.ontasotPro gradu tutkielmafi
local.aalto.idthes13918
local.aalto.openaccessno
Files