Sohrabi Safa et al., 2016: Information Security Policy Compliance Model in Organizations

Topic:

Information security knowledge sharing, collaboration, intervention and experience all have a significant effect on employees’ attitude towards compliance with organizational information security policies. Attachment does not have a significant effect.

Survey with 462 responses. The authors argue that "the lack of information security awareness, ignorance, negligence, apathy, mischief, and resistance are the root of users' mistakes".

Constructs in this publication:

| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| Information security knowledge sharing | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | Social bond/involvement | yes | no | pilot | | |
| Information security collaboration | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | Social bond/involvement | yes | no | pilot | | |
| Information security intervention | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | Social bond/involvement | yes | no | pilot | | |
| Information security experience | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | Social bond/involvement | yes | no | pilot | | |
| Attachment | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | Social bond | yes | no | pilot | | |
| Commitment | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | Social bond | yes | no | pilot | | |
| Personal norms | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | Social bond | yes | no | pilot | | |
| Attitude towards compliance with ISOP | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | | yes | no | pilot | | |
| ISOP compliance behavioural intentions | Cheng et al., 2013; Ifinedo, 2014; Tamjidyamcholo et al., 2014; Witherspoon et al., 2013 | | yes | no | pilot | | |

Citation:

Nader Sohrabi Safa, Rossouw Von Solms, and Steven Furnell. Information security policy compliance model in organizations. Computers & Security, 56:70–82, February 2016. doi:10.1016/j.cose.2015.10.006.

BibTeX:

@article{sohrabisafa_information_2016,
 abstract = {The Internet and information technology have influenced human life significantly. However, information security is still an important concern for both users and organizations. Technology cannot solely guarantee a secure environment for information; the human aspects of information security should be taken into consideration, besides the technological aspects. The lack of information security awareness, ignorance, negligence, apathy, mischief, and resistance are the root of users' mistakes. In this research, a novel model shows how complying with organizational information security policies shapes and mitigates the risk of employees' behaviour. The significant aspect of this research is derived from the conceptualization of different aspects of involvement, such as information security knowledge sharing, collaboration, intervention and experience, as well as attachment, commitment, and personal norms that are important elements in the Social Bond Theory. The results of the data analysis revealed that information security knowledge sharing, collaboration, intervention and experience all have a significant effect on employees' attitude towards compliance with organizational information security policies. However, attachment does not have a significant effect on employees' attitude towards information security policy compliance. In addition, the findings have shown that commitment and personal norms affect employees' attitude. Attitude towards compliance with information security organizational policies also has a significant effect on the behavioural intention regarding information security compliance.},
 author = {Sohrabi Safa, Nader and Von Solms, Rossouw and Furnell, Steven},
 doi = {10.1016/j.cose.2015.10.006},
 issn = {0167-4048},
 journal = {Computers \& Security},
 keywords = {Information Security,Organization policies,Users' behaviour,Involvement,Attitude},
 month = {February},
 pages = {70-82},
 title = {Information Security Policy Compliance Model in Organizations},
 volume = {56},
 year = {2016}
}