
Information Security Policy Compliance: An Exploration of User Behaviour and Organizational Factors

  • Conference paper
Advances on Intelligent Informatics and Computing (IRICT 2021)

Abstract

Organizations are adopting security policies to protect critical information, despite the fact that IT users frequently violate these standards. Numerous factors affecting user compliance have been identified in previous research, but few research findings have addressed human and organizational factors. The purpose of this study is to ascertain the human and organizational factors that influence user adherence to policies. The variables examined included leadership, organizational commitment, rewards, awareness, behavioral intentions, and habits, all of which were gender-related. This is a quantitative study that includes offline and online surveys of university users in Indonesia. The findings indicated that the awareness variable had the greatest effect, while the reward variable had no effect. This research is expected to contribute to an understanding of how to comply with information security policies.




Corresponding author

Correspondence to Angraini.


Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Angraini, Alias, R.A., Okfalisa (2022). Information Security Policy Compliance: An Exploration of User Behaviour and Organizational Factors. In: Saeed, F., Mohammed, F., Ghaleb, F. (eds) Advances on Intelligent Informatics and Computing. IRICT 2021. Lecture Notes on Data Engineering and Communications Technologies, vol 127. Springer, Cham. https://doi.org/10.1007/978-3-030-98741-1_53
