Abstract
Organizations adopt security policies to protect critical information, yet IT users frequently violate these standards. Previous research has identified numerous factors affecting user compliance, but few studies have addressed human and organizational factors. The purpose of this study is to ascertain the human and organizational factors that influence user adherence to policies. The variables examined included leadership, organizational commitment, rewards, awareness, behavioral intentions, and habits, all of which were gender-related. This is a quantitative study based on offline and online surveys of university users in Indonesia. The findings indicated that the awareness variable had the greatest effect, while the reward variable had no effect. This research is expected to contribute to an understanding of how to comply with information security policies.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Angraini, Alias, R.A., Okfalisa (2022). Information Security Policy Compliance: An Exploration of User Behaviour and Organizational Factors. In: Saeed, F., Mohammed, F., Ghaleb, F. (eds) Advances on Intelligent Informatics and Computing. IRICT 2021. Lecture Notes on Data Engineering and Communications Technologies, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-030-98741-1_53
DOI: https://doi.org/10.1007/978-3-030-98741-1_53
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-98740-4
Online ISBN: 978-3-030-98741-1
eBook Packages: Intelligent Technologies and Robotics (R0)