Information security policy compliance model in organizations. Issue 56 (February 2016)
- Record Type:
- Journal Article
- Title:
- Information security policy compliance model in organizations. Issue 56 (February 2016)
- Main Title:
- Information security policy compliance model in organizations
- Authors:
- Sohrabi Safa, Nader
Von Solms, Rossouw
Furnell, Steven - Abstract:
- Highlights: Information security policy compliance protects information assets in organizations. Involvement positively influences information security policy compliance. Attachment does not positively influence information security policy compliance. Commitment positively influences information security policy compliance. Personal norms positively influence information security policy compliance. Abstract: The Internet and information technology have influenced human life significantly. However, information security is still an important concern for both users and organizations. Technology cannot solely guarantee a secure environment for information; the human aspects of information security should be taken into consideration, besides the technological aspects. The lack of information security awareness, ignorance, negligence, apathy, mischief, and resistance are the root of users' mistakes. In this research, a novel model shows how complying with organizational information security policies shapes and mitigates the risk of employees' behaviour. The significant aspect of this research is derived from the conceptualization of different aspects of involvement, such as information security knowledge sharing, collaboration, intervention and experience, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory. The results of the data analysis revealed that information security knowledge sharing, collaboration, intervention andHighlights: Information security policy compliance protects information assets in organizations. Involvement positively influences information security policy compliance. Attachment does not positively influence information security policy compliance. Commitment positively influences information security policy compliance. Personal norms positively influence information security policy compliance. Abstract: The Internet and information technology have influenced human life significantly. However, information security is still an important concern for both users and organizations. Technology cannot solely guarantee a secure environment for information; the human aspects of information security should be taken into consideration, besides the technological aspects. The lack of information security awareness, ignorance, negligence, apathy, mischief, and resistance are the root of users' mistakes. In this research, a novel model shows how complying with organizational information security policies shapes and mitigates the risk of employees' behaviour. The significant aspect of this research is derived from the conceptualization of different aspects of involvement, such as information security knowledge sharing, collaboration, intervention and experience, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory. The results of the data analysis revealed that information security knowledge sharing, collaboration, intervention and experience all have a significant effect on employees' attitude towards compliance with organizational information security policies. However, attachment does not have a significant effect on employees' attitude towards information security policy compliance. In addition, the findings have shown that commitment and personal norms affect employees' attitude. Attitude towards compliance with information security organizational policies also has a significant effect on the behavioural intention regarding information security compliance. … (more)
- Is Part Of:
- Computers & security. Issue 56(2016)
- Journal:
- Computers & security
- Issue:
- Issue 56(2016)
- Issue Display:
- Volume 56, Issue 56 (2016)
- Year:
- 2016
- Volume:
- 56
- Issue:
- 56
- Issue Sort Value:
- 2016-0056-0056-0000
- Page Start:
- 70
- Page End:
- 82
- Publication Date:
- 2016-02
- Subjects:
- Information security -- Organization policies -- Users' behaviour -- Involvement -- Attitude
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2015.10.006 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 14482.xml