Contemplating ISP compliance as the modus operandi for organizational cyber resilience

: A study on the initiation and impact of an Information Security Policy and the compliance therewith as a means to achieve organizational cyber resilience in a Dutch University.

Abstract

The popular expression “data is the new oil” indicates the substantial role of data in our technologically driven world. From online communications, to online shopping, and general organizational matters, the importance of gathering, storing and processing (personal) data for economic purposes has reached a new high. With regards to security, compliance and accountability matters, many institutions – both regional and global – have set out rules and standards for handling this information. From an organizational perspective, issuing an Information Security Policy (ISP) to address and adjust organizational (including employee) shortcomings in the handling of valuable information assets might create an expectance of cyber security and, perhaps, even cyber resilience. However, whilst much research has been focused on analyses of how ISPs enhance employee cyber behavior, relatively little is known about or related to the exact contribution of ISP compliance to cyber resilience of the organization in its entirety. In light thereof, this research focuses on providing further insights into the relation between ISP compliance (effects) and cyber resilience in organizations. It is based on re-assessing the theoretically identified ISP (compliance) drivers such as capability-, motivation-, and awareness-enhancing mechanisms in light of their contribution to organizational cyber resilience through mechanisms for ISP compliance.

Date of Award	1 Jun 2024
Original language	English
Supervisor	Tim Huygh (Examiner) & Khoi Nguyen (Co-assessor)