Building an awareness-centered information security policy compliance model. Issue 1 (10th January 2020)
- Record Type:
- Journal Article
- Title:
- Building an awareness-centered information security policy compliance model. Issue 1 (10th January 2020)
- Main Title:
- Building an awareness-centered information security policy compliance model
- Authors:
- Koohang, Alex
Anderson, Jonathan
Nord, Jeretta Horn
Paliszkiewicz, Joanna - Abstract:
- Abstract : Purpose: The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that awareness depends upon several variables that influence successful ISP compliance. Design/methodology/approach: The authors built a model with seven constructs, i.e., leadership, trusting beliefs, information security issues awareness (ISIA), ISP awareness, understanding resource vulnerability, self-efficacy (SE) and intention to comply. Seven hypotheses were stated. A sample of 285 non-management employees was used from various organizations in the USA. The authors used path modeling to analyze the data. Findings: The findings indicated that IS awareness depends on effective organizational leadership and elevated employees' trusting beliefs. The understanding of resource vulnerability (URV) and SE are influenced by IS awareness resulting from effective leadership and elevated employees' trusting beliefs which guide employees to comply with ISP requirements. Practical implications: Practical implications were aimed at organizations embracing an awareness-centered information security compliance program to secure organizations' assets against threats by implementing various security education and training awareness programs. Originality/value: This paper asserts that awareness is central to ISP compliance. Leadership and trusting beliefs variables play significant roles in theAbstract : Purpose: The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that awareness depends upon several variables that influence successful ISP compliance. Design/methodology/approach: The authors built a model with seven constructs, i.e., leadership, trusting beliefs, information security issues awareness (ISIA), ISP awareness, understanding resource vulnerability, self-efficacy (SE) and intention to comply. Seven hypotheses were stated. A sample of 285 non-management employees was used from various organizations in the USA. The authors used path modeling to analyze the data. Findings: The findings indicated that IS awareness depends on effective organizational leadership and elevated employees' trusting beliefs. The understanding of resource vulnerability (URV) and SE are influenced by IS awareness resulting from effective leadership and elevated employees' trusting beliefs which guide employees to comply with ISP requirements. Practical implications: Practical implications were aimed at organizations embracing an awareness-centered information security compliance program to secure organizations' assets against threats by implementing various security education and training awareness programs. Originality/value: This paper asserts that awareness is central to ISP compliance. Leadership and trusting beliefs variables play significant roles in the information security awareness which in turn positively affect employees' URV and SE variables leading employees to comply with the ISP requirements. … (more)
- Is Part Of:
- Industrial management & data systems. Volume 120:Issue 1(2020)
- Journal:
- Industrial management & data systems
- Issue:
- Volume 120:Issue 1(2020)
- Issue Display:
- Volume 120, Issue 1 (2020)
- Year:
- 2020
- Volume:
- 120
- Issue:
- 1
- Issue Sort Value:
- 2020-0120-0001-0000
- Page Start:
- 231
- Page End:
- 247
- Publication Date:
- 2020-01-10
- Subjects:
- Compliance -- Leadership -- Trust -- Awareness -- Information security policy
Industrial management -- Periodicals
Electronic data processing -- Periodicals
Business -- Periodicals
Industrial management -- Great Britain -- Periodicals
658.05 - Journal URLs:
- http://www.emeraldinsight.com/0263-5577.htm ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/IMDS-07-2019-0412 ↗
- Languages:
- English
- ISSNs:
- 0263-5577
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 4457.715000
British Library DSC - BLDSS-3PM
British Library STI - ELD Digital store - Ingest File:
- 22093.xml