Establishing information security policy compliance culture in organizations. (8th October 2018)
- Record Type:
- Journal Article
- Title:
- Establishing information security policy compliance culture in organizations. (8th October 2018)
- Main Title:
- Establishing information security policy compliance culture in organizations
- Authors:
- Amankwa, Eric
Loock, Marianne
Kritzinger, Elmarie - Abstract:
- Abstract : Purpose: This paper aims to establish that employees' non-compliance with information security policy (ISP) could be addressed by nurturing ISP compliance culture through the promotion of factors such as supportive organizational culture, end-user involvement and compliance leadership to influence employees' attitudes and behaviour intentions towards ISP in organizations. This paper also aims to develop a testable research model that might be useful for future researchers in predicting employees' behavioural intentions. Design/methodology/approach: In view of the study's aim, a research model to show how three key constructs can influence the attitudes and behaviours of employees towards the establishment of security policy compliance culture (ISPCC) was developed and validated in an empirical field survey. Findings: The study found that factors such as supportive organizational culture and end-user involvement significantly influenced employees' attitudes towards compliance with ISP. However, leadership showed the weakest influence on attitudes towards compliance. The overall results showed that employees' attitudes and behavioural intentions towards ISP compliance together influenced the establishment of ISPCC for ISP compliance in organizations. Practical implications: Organizations should influence employees' attitudes towards compliance with ISP by providing effective ISP leadership, encouraging end-user involvement during the draft and update of ISP andAbstract : Purpose: This paper aims to establish that employees' non-compliance with information security policy (ISP) could be addressed by nurturing ISP compliance culture through the promotion of factors such as supportive organizational culture, end-user involvement and compliance leadership to influence employees' attitudes and behaviour intentions towards ISP in organizations. This paper also aims to develop a testable research model that might be useful for future researchers in predicting employees' behavioural intentions. Design/methodology/approach: In view of the study's aim, a research model to show how three key constructs can influence the attitudes and behaviours of employees towards the establishment of security policy compliance culture (ISPCC) was developed and validated in an empirical field survey. Findings: The study found that factors such as supportive organizational culture and end-user involvement significantly influenced employees' attitudes towards compliance with ISP. However, leadership showed the weakest influence on attitudes towards compliance. The overall results showed that employees' attitudes and behavioural intentions towards ISP compliance together influenced the establishment of ISPCC for ISP compliance in organizations. Practical implications: Organizations should influence employees' attitudes towards compliance with ISP by providing effective ISP leadership, encouraging end-user involvement during the draft and update of ISP and nurturing a culture that is conducive for ISP compliance. Originality/value: The study provides some insights on how to effectively address the problem of non-compliance with ISP in organizations through the establishment of ISPCC, which has not been considered in any past research. … (more)
- Is Part Of:
- Information and computer security. Volume 26:Number 4(2018)
- Journal:
- Information and computer security
- Issue:
- Volume 26:Number 4(2018)
- Issue Display:
- Volume 26, Issue 4 (2018)
- Year:
- 2018
- Volume:
- 26
- Issue:
- 4
- Issue Sort Value:
- 2018-0026-0004-0000
- Page Start:
- 420
- Page End:
- 436
- Publication Date:
- 2018-10-08
- Subjects:
- Organizational culture -- Model -- Information security policy -- Behaviour intentions -- Compliance leadership -- User involvement
Computer security -- Management -- Periodicals
Computer networks -- Security measures -- Periodicals
Data protection -- Management -- Periodicals
658.47 - Journal URLs:
- http://www.emeraldinsight.com/loi/ics ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/ICS-09-2017-0063 ↗
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4481.796000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 8619.xml