To formulate a theoretical perspective for this study, accountability theory as conceptualized in Vance et al. (2015) provided a useful prototype.
The study employed constructs of accountability theory to develop a testable research model that shows how identifiability, expectation of evaluation, awareness of monitoring and social presence, together with information security culture, can combine to nurture a culture of information security policy compliance in organizations. The next section of this paper explains how the constructs of accountability theory have been conceptualized in the study.
2.1. Accountability Theory
Accountability “is a process in which a person has a potential obligation to explain his/her actions to another party who has
(2015) developed the four core components of accountability that provide the foundation upon which this research was conducted. Therefore, in this study, the four core components of accountability theory by Vance et al. (2015) are conceptualized in the ISP compliance context into a theoretical research model (presented in Fig 1). With reference to these specific variables, the way the theoretical research model influences employees’ attitudes and behavior intentions, and afterwards establishes a culture of ISP compliance, can be described as follows. First, the potential for an employee to comply with information security policy within an organization is subject to the employee’s knowledge that his/her outputs could be linked to him/her in a way that reveals his/her true identity. Second, an employee’s conviction that another person will assess his/her performance according to some normative ground rules and with some implied consequences would strongly influence his/her attitude towards information security policy (ISP) compliance. Third, when employees are made to understand that the entire work process is being monitored, they are likely to exhibit behaviors that foster compliance with ISP. Finally, employees’ awareness of the presence of another person who has the right to pass judgment on their actions and to administer potential positive or negative consequences in response can have a positive influence on their behavior
Identifiability has a feature of self-linkage, and this makes it a potent deterrent to unacceptable behaviors such as noncompliance with security rules and procedures. This deterrent effect ensures that acceptable behaviors are cultivated among employees. Identifiability is closely related to the construct of non-repudiation: a person cannot deny his/her actions upon attribution. The more people feel that they can deny or successfully challenge actions attributed to them, the less restrained they become in their behavior. In the context of this study, when employees realize that their use of information resources (e.g. computers and networks) is linked to identifiers that uniquely reveal their true identity, their behaviors become more acceptable (i.e. conforming to security rules and procedures). However, when employees sense that their activities can in no way be linked to them, they are likely to demonstrate unacceptable security behaviors. Research on human-computer interaction (HCI) by Mondloch and Desjarlais (2010) provides the needed empirical justification. In view of this, identifiability is expected to increase accountability and cause employees to demonstrate accountable attitudes towards compliance with ISP, whereas a lack of identifiability should decrease accountability and cause employees to demonstrate unaccountable attitudes towards