The 7 Dimensions of Security Culture

Issue link: https://insights.oneneck.com/i/1476862

theories that focus on negative motivators, such as sanctions and fear [73]. Lately, research shows that intrinsic motivation, rather than extrinsic motivators, seems to be the most effective [74]. This stream of research suggests that we should find a fit between the values of employees and the objectives of the ISPs, because intrinsic motivation to follow ISPs is much more effective than external motivators, like sanctions. In any case, no conclusive results exist to suggest the best approach. It is, however, clear that compliance with ISPs is deeply rooted in the security culture and the wider organizational culture, which is why compliance is a complex socio-cultural phenomenon.

Measuring compliance as a dimension of security culture is of utmost importance for organizational security. In addition to the organization having a well-documented set of policies and procedures, ISPs must be clearly understood, readily available and easily accessible to all employees. Incorporating policy into learned processes and procedures is essential. Compliance can be improved when employees understand how the policy affects them, their work activities and their role within the organization.

Moreover, measuring, monitoring and actively working to improve all dimensions of security culture, including Compliance, can have a significant influence on improving employees' understanding of and adherence to the information security policies set by an organization. In particular, we see that as levels of Cognition, Responsibilities, Communication, and Attitudes increase, Compliance is also positively impacted.
