Information Security Policy Compliance Culture

2021 ◽  
Vol 17 (4) ◽  
pp. 75-91
Author(s):  
Eric Amankwa ◽  
Marianne Loock ◽  
Elmarie Kritzinger

Information security policy (ISP) noncompliance is a growing problem that accounts for a significant number of security breaches in organizations. Existing strategies for changing employees' behavior intentions towards compliance have not been effective. It is therefore imperative to identify other effective strategies to address the problem. This article investigates the effect of accountability constructs on employees' attitudes and behavior intentions towards establishing ISP compliance as a culture. In addition, the authors validate a testable research model for predicting employees' compliance behavior intentions in a field survey involving 313 employees from selected Ghanaian companies. The overall effect showed that measures of accountability significantly influenced employees' attitudes and behavior intentions to ISP compliance, while the establishment of ISP compliance culture largely depended on the existence of a conducive information security culture and positive employee behavior intentions.

2021 ◽  
Vol 13 (5) ◽  
pp. 2800
Author(s):  
Ke Dong ◽  
Rao Faizan Ali ◽  
P. D. D. Dominic ◽  
Syed Emad Azhar Ali

The advancement of information communication technology in healthcare institutions has increased information security breaches. Scholars and industry practitioners have reported that most security breaches are due to negligence towards organizational information security policy compliance (ISPC) by healthcare employees such as nurses. There is, however, a lack of understanding of the factors that ensure ISPC among nurses, especially in developing countries such as Malaysia. This paper develops and examines a research framework that draws upon the factors of organizational climate of information security (OCIS) and social bond theory to enhance ISPC among nurses. A questionnaire was adopted in which responses were obtained from 241 nurses employed in 30 hospitals in Malaysia. The findings from the study demonstrated that the ISPC among nurses is enhanced through OCIS factors. The influence on ISPC was even more significant when examined by the mediating effect of the social bond. It implies that influential OCIS factors reinforce social bonds among nurses and eventually increase the ISPC. For information security practitioners, the study findings emphasize the prevalence of socio-active information security culture in healthcare organizations to enhance ISP compliance among nurses.


Author(s):  
Canchu Lin ◽  
Anand S. Kunnathur ◽  
Long Li

Past behavior research overwhelmingly focused on information security policy compliance and underexplored the role of organizational context in shaping information security behaviors. To address this research gap, this study integrated two threads of literature, organizational culture and information security behavior control, and proposed a framework that integrates mid-range theories used in empirical research, connects them to organizational culture, and predicts its role in information security behavior control. Consistent with the cultural-fit perspective, this framework shows that information security policy compliance fits hierarchical culture and the approach of promoting positive, proactive, and emerging information security behaviors fits participative culture. Contributions and practical implications of this framework, together with future research directions, are discussed.

