Investigation into the Factors Affecting the Voluntary Information Security Compliance Behavior: Compliance Behavioral Belief, Compliance Knowledge, and Compliance Relevance to Job

2016, Vol 18 (2), pp. 127-149
Author(s): Sang Soo Kim, Yong Jin Kim

2017, Vol 25 (2), pp. 137-151
Author(s): Peter Mayer, Nina Gerber, Ronja McDermott, Melanie Volkamer, Joachim Vogt

Purpose: This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals.

Design/methodology/approach: This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small- to medium-sized organizations (SMEs) with overall 90 employees.

Findings: The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees.

Research limitations/implications: Both studies rely on self-reported data and are, therefore, likely to contain some kind of bias.

Practical implications: Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations.

Originality/value: This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.


2022, pp. 213-232
Author(s): Kwame Simpe Ofori, Hod Anyigba, George Oppong Appiagyei Ampong, Osaretin Kayode Omoregie, Makafui Nyamadi, ...

One of the major concerns of organizations in today's networked world is to unravel how employees comply with information security policies (ISPs) since the internal employee has been identified as the weakest link in security policy breaches. A number of studies have examined ISP compliance from the perspective of deterrence; however, there have been mixed results. The study seeks to examine information security compliance from the perspective of the general deterrence theory (GDT) and information security climate (ISC). Data was collected from 329 employees drawn from the five top-performing banks in Ghana and analyzed with PLS-SEM. Results from the study show that security education training and awareness, top-management's commitment for information security, and peer non-compliance behavior affect the information security climate in an organization. Information security climate, punishment severity, and certainty of deterrent were also found to influence employees' intention to comply with ISP. The implications, limitations, and directions for future research are discussed.


Symmetry, 2020, Vol 12 (9), pp. 1544
Author(s): Sultan T. Alanazi, Mohammed Anbar, Shouki A. Ebad, Shankar Karuppayah, Hadeer A. Al-Ani

The adoption of health information systems provides many potential healthcare benefits. The government of the Kingdom of Saudi Arabia has subsidized this field. However, like those of other less developed countries, organizations in the Kingdom of Saudi Arabia struggle to secure their health information systems. This issue may stem from a lack of awareness regarding information security. To date, most related studies have not considered all of the factors affecting information security compliance behavior (ISCB), which include psychological traits, cultural and religious beliefs, and legal concerns. This paper aims to investigate the usefulness of a theory-based model and determine the predictors of ISCB among healthcare workers at government hospitals in the Kingdom of Saudi Arabia. The study investigated 433 health workers in Arar, the capital of the Northern Borders Province in the Kingdom of Saudi Arabia. Two phases involved in this study were the hypothetical model formulation and identification of ISCB predictors. The results suggest that moderating and non-common factors (e.g., religion and morality) impact ISCB, while demographic characteristics (e.g., age, marital status, and work experience) do not. All published instruments and theories were embedded to determine the most acceptable theories for Saudi culture. The theory-based model of ISCB establishes the main domains of theory for this study, which were religion/morality, self-efficacy, legal/punishment, personality traits, cost of compliance/noncompliance, subjective norms, information security policy, general information security, and technology awareness. Predictors of ISCB indicate that general information security, followed by self-efficacy and religion/morality, is the most influential factor on ISCB among healthcare workers in the Kingdom of Saudi Arabia. 
This study is considered as the first to present the symmetry between theory and actual descriptive results, which were not investigated before.


10.2196/16775, 2020, Vol 22 (1), pp. e16775
Author(s): Mohammad S Jalali, Maike Bruckes, Daniel Westmattelmann, Gerhard Schewe

Background: Hospitals have been one of the major targets for phishing attacks. Despite efforts to improve information security compliance, hospitals still significantly suffer from such attacks, impacting the quality of care and the safety of patients.

Objective: This study aimed to investigate why hospital employees decide to click on phishing emails by analyzing actual clicking data.

Methods: We first gauged the factors that influence clicking behavior using the theory of planned behavior (TPB) and integrating trust theories. We then conducted a survey in hospitals and used structural equation modeling to investigate the components of compliance intention. We matched employees’ survey results with their actual clicking data from phishing campaigns.

Results: Our analysis (N=397) reveals that TPB factors (attitude, subjective norms, and perceived behavioral control), as well as collective felt trust and trust in information security technology, are positively related to compliance intention. However, compliance intention is not significantly related to compliance behavior. Only the level of employees’ workload is positively associated with the likelihood of employees clicking on a phishing link.

Conclusions: This is one of the few studies in information security and decision making that observed compliance behavior by analyzing clicking data rather than using self-reported data. We show that, in the context of phishing emails, intention and compliance might not be as strongly linked as previously assumed; hence, hospitals must remain vigilant with vulnerabilities that cannot be easily managed. Importantly, given the significant association between workload and noncompliance behavior (ie, clicking on phishing links), hospitals should better manage employees’ workload to increase information security. Our findings can help health care organizations augment employees’ compliance with their cybersecurity policies and reduce the likelihood of clicking on phishing links.


2019, Vol 19 (2), pp. 108
Author(s): Sifera Patricia Maithy, Sutrisno Sutrisno, Bambang Hariadi

This study aims to examine the compliance behavior of individual taxpayers across all tax obligations. The factors affecting individual taxpayers' compliance behavior in this study are attitudes toward taxes, subjective norms, control of perceptive behavior, tax knowledge, and intention to obey. This research develops the tax compliance model from previous research. The sample consists of 160 individual taxpayers in the individual entrepreneur category registered at KPP Pratama Palangka Raya. Data were collected by survey and processed using SmartPLS. The results provide empirical evidence that attitudes toward taxes, subjective norms, perceptual behavior control, tax knowledge, and intention to obey affect individual taxpayer compliance. This research also supports the theory of planned behavior and social learning theory.

