scholarly journals SECURITY POLICY COMPLIANCE IN PUBLIC INSTITUTIONS: AN INTEGRATIVE APPROACH

2018 ◽  
Vol 2 (1) ◽  
pp. 13-28
Author(s):  
Daniel Koloseni ◽  
Chong Yee Lee ◽  
Gan Ming Lee
Keyword(s):  
Organizational Commitment ◽  
Information Security ◽  
Security Policy ◽  
Structural Equation ◽  
Public Organizations ◽  
Security Policies ◽  
Integrative Approach ◽  
Security Awareness ◽  
Information Security Policy ◽  
Information Security Awareness

The success of organizational information security policies depends on employee’s continuous compliance from the time when it was first introduced into the organization. Hence, the purpose of this study is to investigate continuous compliance with information security policy among public organizations. Data were collected from 265 employees working in Tanzania public organizations. Data analysis employed a Structural Equation Modelling (SEM) approach. The study found that the effects of organizational commitment, perceived susceptibility and perceived severity have a positive influence on employee’s continuance intention to comply with security policies, while perceived barriers have a negative influence. Moreover, the effects of perceived benefits, self-efficacy, cues and information security awareness have no significant influence. Based on these findings, recommendations were given. There is a paucity of empirical research which investigates key issues that may influence information security policy continuous compliance in organizations. This study addresses this research gap, by integrating the Health Belief Model (HBM) with employee’s organizational commitment and information security awareness constructs to investigate information security policy continuance compliance in organizations.

Designing an Effective Information Security Policy for Public Organizations

2021 ◽  
pp. 1176-1193
Author(s):  
Yassine Maleh ◽  
Mustapha Belaissaoui
Keyword(s):  
Middle East ◽  
Information Security ◽  
North Africa ◽  
Security Policy ◽  
Success Factors ◽  
Public Organizations ◽  
Security Policies ◽  
Information Security Policy ◽  
Specific Focus ◽  
Iso 27001

This chapter aims to study the success factors of the ISO 27001 framework related to the implementation of information security in organizations, with particular emphasis on the different maturity controls of ISO 27001 in the implementation of information security policies in organizations. The purpose of this paper is to investigate what controls are commonly used and how they are selected to the implementation of information security in large public organizations in Middle East and North Africa MENA through ISO 27001, with a specific focus on practical framework for the implementation of an effective information security policy through ISO27001. The finding will help organizations to assess organizations to implement an effective information security policy.

Information Security Policy in Large Public Organizations

2019 ◽  
pp. 349-402
Keyword(s):  
Middle East ◽  
Information Security ◽  
North Africa ◽  
Security Policy ◽  
Success Factors ◽  
Public Organizations ◽  
Security Policies ◽  
Information Security Policy ◽  
Specific Focus

The aim of this chapter is to study the success factors of the ISO 27002 framework related to the implementation of information security in organizations, with particular emphasis on the different maturity controls of ISO 27002 in the implementation of information security policies in organizations. The purpose of this chapter is to investigate what controls are commonly used and how they are selected to the implementation of an information security in large public organizations in Middle East and North Africa (MENA) through ISO27002, with a specific focus on practical framework for the implementation of an effective information security policy through ISO27002. The finding will help organizations to assess organizations to implement an effective information security policy.

Impact of Deterrence and Inertia on Information Security Policy Changes

2019 ◽  
Vol 34 (1) ◽  
pp. 123-134
Author(s):  
Kalana Malimage ◽  
Nirmalee Raddatz ◽  
Brad S. Trinkle ◽  
Robert E. Crossler ◽  
Rebecca Baaske
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Online Survey ◽  
Security Policies ◽  
Security Measures ◽  
Policy Changes ◽  
Information Security Policy ◽  
Improve Compliance ◽  
The Impact

ABSTRACT This study examines the impact of deterrence and inertia on information security policy changes. Corporations recognize the need to prioritize information security, which sometimes involves designing and implementing new security measures or policies. Using an online survey, we investigate the effect of deterrent sanctions and inertia on respondents' intentions to comply with modifications to company information security policies. We find that certainty and celerity associated with deterrent sanctions increase compliance intentions, while inertia decreases respondents' compliance intentions related to modified information security policies. Therefore, organizations must work to overcome employees' reluctance to change in order to improve compliance with security policy modifications. They may also consider implementing certain and timely sanctions for noncompliance.

scholarly journals State Information Security Policy (Comparative Legal Aspect)

2021 ◽  
Vol 39 (71) ◽  
pp. 166-186
Author(s):  
Viacheslav B. Dziundziuk ◽  
Yevgen V. Kotukh ◽  
Olena M. Krutii ◽  
Vitalii P. Solovykh ◽  
Oleksandr A. Kotukov
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Rapid Development ◽  
Legal Aspect ◽  
Public Information ◽  
Security Policies ◽  
The European Union ◽  
Public Authorities ◽  
Information Security Policy ◽  
State Information

The rapid development of information technology and the problem of its rapid implementation in all spheres of public life, the growing importance of information in management decisions to be made by public authorities, a new format of media — these and other factors urge the problem of developing and implementing quality state information security policy. The aim of the article was to conduct a comparative analysis of the latest practices of improving public information security policies in the European Union, as well as European countries such as Poland, Germany, Great Britain, and Ukraine. The formal-logic, system-structural and problem-theoretical methods were the leading methodological tools. The analysis of regulatory legal acts showed that there is a single concept of international information security at the global and regional levels, which requires additional legal instruments for its implementation. It is stated that the reform of national information security policies has a direct impact on the formation of a single global information space. According to the results of the study, it is substantiated that the United Kingdom is characterized by the most promising information security policy.

Influences of Frame Incongruence on Information Security Policy Outcomes

2013 ◽  
Vol 3 (3) ◽  
pp. 33-50 ◽  
Author(s):  
Anna Elina Laaksonen ◽  
Marko Niemimaa ◽  
Dan Harnesk
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Cognitive Theory ◽  
Security Policies ◽  
Policy Outcomes ◽  
Information Security Policy ◽  
Internet Service ◽  
Policy Frames ◽  
Concept Of Information

Despite the significant resources organizations devote to information security policies, the policies rarely produce intended outcome. Prior research has sought to explain motivations for non-compliance and suggested approaches for motivating employees for compliance using theories largely derived from psychology. However, the socio-cognitive structures that shape employees' perceptions of the policies and how they influence policy outcomes have received only modest attention. In this study, the authors draw on the socio-cognitive theory of frames and on literature on information security policies in order to suggest a theoretical and analytical concept of Information Security Policy Frames of Reference (ISPFOR). The concept is applied as a sensitizing device, in order to systematically analyze and interpret how the perceptions of policies are shaped by the frames and how they influence policy outcomes. The authors apply the sensitizing device in an interpretive case study conducted at a large multinational internet service provider. The authors’ findings suggest the frames shape the perceptions and can provide a socio-cognitive explanation for unanticipated policy outcomes. Implications for research and practice are discussed.

scholarly journals Hospital Staff’s Adherence to Information Security Policy: A Quest for the Antecedents of Deterrence Variables

2021 ◽  
Vol 58 ◽  
pp. 004695802110295
Author(s):  
Kuang-Ming Kuo ◽  
Paul C. Talley ◽  
Dyi-Yih Michael Lin
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Structural Equation ◽  
International Standards ◽  
Equation Modeling ◽  
Management Support ◽  
Internal Auditing ◽  
Information Security Policy ◽  
Security Breaches ◽  
Upper Echelon Theory

Information security has come to the forefront as an organizational priority since information systems are considered as some of the most important assets for achieving competitive advantages. Despite huge capital expenditures devoted to information security, the occurrence of security breaches is still very much on the rise. More studies are thus required to inform organizations with a better insight on how to adequately promote information security. To address this issue, this study investigates important factors influencing hospital staff’s adherence to Information Security Policy (ISP). Deterrence theory is adopted as the theoretical underpinning, in which punishment severity and punishment certainty are recognized as the most significant predictors of ISP adherence. Further, this study attempts to identify the antecedents of punishment severity and punishment certainty by drawing from upper echelon theory and well-acknowledged international standards of IS security practices. A survey approach was used to collect 299 valid responses from a large Taiwanese healthcare system, and hypotheses were tested by applying partial least squares-based structural equation modeling. Our empirical results show that Security Education, Training, and Awareness (SETA) programs, combined with internal auditing effectiveness are significant predictors of punishment severity and punishment certainty, while top management support is not. Further, punishment severity and punishment certainty are significant predictors of hospital staff’s ISP adherence intention. Our study highlights the importance of SETA programs and internal auditing for reinforcing hospital staff’s perceptions on punishment concerning ISP violation, hospitals can thus propose better internal strategies to improve their staff’s ISP compliance intention accordingly.

Sign in / Sign up

Export Citation Format

Share Document