This study adopts Neo-Institutional Theory (NIT) to address the underlying differences in information security policy compliance between the banking industry and higher education. Drawing on NIT, this study examines how regulative, normative, and cognitive expectations effect internal organizational efforts of staying compliant across both industries. Using Partial Least Square (PLS) method, the analysis results suggest that both industries rely on the interrelations between regulative and normative expectations to propel the organizational efforts of attaining compliance. However, the main difference lies within cognitive expectation. In the institution of higher education, cognitive expectation influences regulative expectation that subsequently drives information security policies compliance. On the other hand, cognitive expectation reflects on the regulatory pressure in the banking industry. Given these findings, this study provides suggestions to policy makers for promoting information security policy compliance across industries.
Available at: http://works.bepress.com/hweejoo/12/