Information Security Policy Compliance Behavior Based on Comprehensive Dimensions of Information Security Culture: A Conceptual Framework
The adherence of employees towards Information Security Policy (ISP) established in the organization is crucial in reducing information security risks. Some scholars have suggested that employees’ compliance to ISP could be influenced by Information Security Culture (ISC) cultivated in the organizat...
Saved in:
| Main Authors: | , , |
|---|---|
| Format: | Conference or Workshop Item |
| Language: | English |
| Published: |
ACM New York, NY, USA
2017
|
| Subjects: | |
| Online Access: | http://umpir.ump.edu.my/id/eprint/18165/1/fskkp-2017-Nasir-Information%20security%20policy%20compliance%20behavior1.pdf http://umpir.ump.edu.my/id/eprint/18165/ https://doi.org/10.1145/3077584.3077593 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | The adherence of employees towards Information Security Policy (ISP) established in the organization is crucial in reducing information security risks. Some scholars have suggested that employees’ compliance to ISP could be influenced by Information Security Culture (ISC) cultivated in the organization. Several studies on the impact of ISC towards ISP compliance have proposed different dimensions and factors associated to ISC with substantial differences in each finding. This paper is discussing an enhanced conceptual framework of ISP compliance behavior by addressing ISC as a multidimensional concept which consist of seven comprehensive dimensions. These new proposed ISC dimensions developed using all the key factors of ISC in literature and were aligned with the widely accepted concept of organizational culture and ISC. The framework also integrated with the most significant behavioral theory in this domain of study, which is Theory of Planned Behavior to provide more deep understanding and richer findings of the compliance behavior. This framework is expected to give more accurate findings on the relationships between ISC and ISP compliance behavior. |
|---|