Information security policy compliance model in organizations

Nader Sohrabi Safa, Rossouw Von Solms, Steven Furnell

Research output: Contribution to journal › Article

86 Citations (Scopus)

Abstract

The Internet and information technology have influenced human life significantly. However, information security is still an important concern for both users and organizations. Technology cannot solely guarantee a secure environment for information; the human aspects of information security should be taken into consideration, besides the technological aspects. The lack of information security awareness, ignorance, negligence, apathy, mischief, and resistance are the root of users' mistakes. In this research, a novel model shows how complying with organizational information security policies shapes and mitigates the risk of employees' behaviour. The significant aspect of this research is derived from the conceptualization of different aspects of involvement, such as information security knowledge sharing, collaboration, intervention and experience, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory. The results of the data analysis revealed that information security knowledge sharing, collaboration, intervention and experience all have a significant effect on employees' attitude towards compliance with organizational information security policies. However, attachment does not have a significant effect on employees' attitude towards information security policy compliance. In addition, the findings have shown that commitment and personal norms affect employees' attitude. Attitude towards compliance with information security organizational policies also has a significant effect on the behavioural intention regarding information security compliance.

Original language: English
Pages (from-to): 70-82
Number of pages: 13
Journal: Computers and Security
Volume: 56
Early online date: 3 Nov 2015
DOI: 10.1016/j.cose.2015.10.006
Publication status: Published - 1 Feb 2016
Externally published: Yes

Fingerprint

security policy
Security of data
Personnel
employee
Compliance
commitment
apathy
Information technology
knowledge
guarantee
experience
data analysis
Internet
information technology

Keywords

  • Attitude
  • Information security
  • Involvement
  • Organization policies
  • Users' behaviour

ASJC Scopus subject areas

  • Computer Science(all)
  • Law

Cite this

Information security policy compliance model in organizations. / Sohrabi Safa, Nader; Von Solms, Rossouw; Furnell, Steven.

In: Computers and Security, Vol. 56, 01.02.2016, p. 70-82.

Sohrabi Safa, Nader ; Von Solms, Rossouw ; Furnell, Steven. / Information security policy compliance model in organizations. In: Computers and Security. 2016 ; Vol. 56. pp. 70-82.

@article{2b041e9c4f264d358c058ea3e57f88d0,
title = "Information security policy compliance model in organizations",
abstract = "The Internet and information technology have influenced human life significantly. However, information security is still an important concern for both users and organizations. Technology cannot solely guarantee a secure environment for information; the human aspects of information security should be taken into consideration, besides the technological aspects. The lack of information security awareness, ignorance, negligence, apathy, mischief, and resistance are the root of users' mistakes. In this research, a novel model shows how complying with organizational information security policies shapes and mitigates the risk of employees' behaviour. The significant aspect of this research is derived from the conceptualization of different aspects of involvement, such as information security knowledge sharing, collaboration, intervention and experience, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory. The results of the data analysis revealed that information security knowledge sharing, collaboration, intervention and experience all have a significant effect on employees' attitude towards compliance with organizational information security policies. However, attachment does not have a significant effect on employees' attitude towards information security policy compliance. In addition, the findings have shown that commitment and personal norms affect employees' attitude. Attitude towards compliance with information security organizational policies also has a significant effect on the behavioural intention regarding information security compliance.",
keywords = "Attitude, Information security, Involvement, Organization policies, Users' behaviour",
author = "{Sohrabi Safa}, Nader and {Von Solms}, Rossouw and Steven Furnell",
year = "2016",
month = "2",
day = "1",
doi = "10.1016/j.cose.2015.10.006",
language = "English",
volume = "56",
pages = "70--82",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier",
}

TY - JOUR
T1 - Information security policy compliance model in organizations
AU - Sohrabi Safa, Nader
AU - Von Solms, Rossouw
AU - Furnell, Steven
PY - 2016/2/1
Y1 - 2016/2/1
AB - The Internet and information technology have influenced human life significantly. However, information security is still an important concern for both users and organizations. Technology cannot solely guarantee a secure environment for information; the human aspects of information security should be taken into consideration, besides the technological aspects. The lack of information security awareness, ignorance, negligence, apathy, mischief, and resistance are the root of users' mistakes. In this research, a novel model shows how complying with organizational information security policies shapes and mitigates the risk of employees' behaviour. The significant aspect of this research is derived from the conceptualization of different aspects of involvement, such as information security knowledge sharing, collaboration, intervention and experience, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory. The results of the data analysis revealed that information security knowledge sharing, collaboration, intervention and experience all have a significant effect on employees' attitude towards compliance with organizational information security policies. However, attachment does not have a significant effect on employees' attitude towards information security policy compliance. In addition, the findings have shown that commitment and personal norms affect employees' attitude. Attitude towards compliance with information security organizational policies also has a significant effect on the behavioural intention regarding information security compliance.

KW - Attitude
KW - Information security
KW - Involvement
KW - Organization policies
KW - Users' behaviour
UR - http://www.scopus.com/inward/record.url?scp=84947072811&partnerID=8YFLogxK
U2 - 10.1016/j.cose.2015.10.006
DO - 10.1016/j.cose.2015.10.006
M3 - Article
VL - 56
SP - 70
EP - 82
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
ER -