An Integrative Behavioral Model of Information Security Policy Compliance

2014, Vol 2014, pp. 1-12
Author(s): Sang Hoon Kim, Kyung Hoon Yang, Sunyoung Park

The authors identified the behavioral factors that influence organization members’ compliance with the information security policy on the basis of neutralization theory, the theory of planned behavior, and protection motivation theory. Based on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to explain information system security policy violations. Based on protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. From this reasoning, the integrative behavioral model and eight hypotheses were derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to serve as a baseline for future research about organization members’ compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. The study also has some practical implications. First, it can provide a guideline to support the successful execution of the strategic establishment for the implementation of information system security policies in organizations. Second, it shows that the need for education and training programs that suppress members’ neutralization intention to violate information security policy should be emphasized.

2021, Vol 44 (1), pp. 108-118
Author(s): Temtim Assefa, Alpha Tensaye

Information is the critical resource of the modern organization and needs to be protected from both internal and external threats so that the organization can sustain itself in this competitive business environment. In order to do so, a comprehensive security policy must be formulated and implemented. Every employee of the organization must comply with the organization’s security policy. Although organizations implement information security policy, it is commonly observed that employees do not comply with the organization’s information security policy. The purpose of this research was to identify organizational factors that shape employees’ behavior to comply with information system security policy in Ethio-telecom. Data were collected using the survey method. Multiple linear regression was used as the data analysis method. The study result showed that management support, awareness and training, and accountability are leading organizational factors that shape employees’ behavior to comply with the existing information system security policy. This is a single case study; it cannot be generalized to other organizations. Other researchers can replicate this research to test the generalizability of the research findings across different contexts.


2020, Vol 28 (5), pp. 743-761
Author(s): Isaac Wiafe, Felix Nti Koranteng, Abigail Wiafe, Emmanuel Nyarko Obeng, Winfred Yaokumah

Purpose: The purpose of this paper is to determine which factors influence information system security policy compliance. It examines how different norms influence compliance intention.
Design/methodology/approach: Based on relevant literature on information system security policy compliance, a research model was developed and validated. An online questionnaire was used to gather data from respondents and partial least square structural equation modelling (PLS-SEM) was used to analyse 432 responses received.
Findings: The results indicated that attitude towards information security compliance mediates the effects of personal norms on compliance intention. In addition, descriptive and subjective norms are significant predictors of personal norms.
Originality/value: Though advancement in technology has reached significant heights, it is still inadequate to guarantee information systems’ security. Researchers have identified humans to be central in ensuring information security. To this effect, this study provides empirical evidence of the role of norms in influencing information security behaviour.


Author(s): Canchu Lin, Anand S. Kunnathur, Long Li

Past behavior research overwhelmingly focused on information security policy compliance and underexplored the role of organizational context in shaping information security behaviors. To address this research gap, this study integrated two threads of literature, organizational culture and information security behavior control, and proposed a framework that integrates mid-range theories used in empirical research, connects them to organizational culture, and predicts its role in information security behavior control. Consistent with the cultural-fit perspective, this framework shows that information security policy compliance fits hierarchical culture and the approach of promoting positive, proactive, and emerging information security behaviors fits participative culture. Contributions and practical implications of this framework, together with future research directions, are discussed.

