Date of Conferral







Robert E. Levasseur


Employees in higher education are likely to violate information security policies because of the open nature of academic institutions. Policy violations can lead to data breaches and identity theft that can cause harm to businesses and individuals. The purpose of this quantitative, correlational, cross-sectional study based on general deterrence theory and neutralization theory was to analyze the relationships between the independent variables, severity of sanctions, vulnerability to sanctions, and awareness of consequences, and the dependent variable, intention to comply with information security policy. Participants (n=100) who work in a higher education institution with an information security policy completed an online survey. Multiple linear regression analysis showed that all of the independent variables had a significant relationship with the dependent variable intention. Severity had the strongest relationship, followed by awareness and then vulnerability. Understanding the relationships between the severity, vulnerability, awareness, and the dependent variable intention may aid information security practitioners in creating programs that increase compliance with information security and decrease the number of data breaches. Decreasing the number of data breaches could reduce the incidents of identity theft, fraud, compromised medical records, and small business bankruptcies, thus contributing to positive social change.