Cybersecurity at the Core: A Study on IT Experts’ Policy Adherence

  • Conference paper
Cybersecurity Challenges in the Age of AI, Space Communications and Cyborgs (ICGS3 2023)

Abstract

Information security remains a significant concern for virtually every well-established organization globally. Extensive research indicates that a significant proportion of information security breaches can be attributed to internal employees’ disregard for information security policies. Non-compliance with these policies is a complex issue that necessitates both administrative and behavioural solutions. While numerous studies have delved into behavioural aspects of information security, most of this research has centred on non-IT or non-specialized users. This research paper represents a pioneering pilot study aimed at assessing the information security policy compliance of IT professionals. Formulated hypotheses based on a comprehensive literature review, along with the development of a framework, underpin the study's methodology. The framework incorporates organizational management constructs and draws from two prominent behavioural theories—Protection Motivation Theory and the Theory of Planned Behaviour. The findings from this pilot study underscore the role of organizational management in augmenting employees’ protection motivation, ultimately fostering a culture of responsible information security behaviour aligned with information security policy compliance.

Correspondence to Rao Faizan Ali.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Ali, R.F., Jahankhani, H., Hassan, B. (2024). Cybersecurity at the Core: A Study on IT Experts’ Policy Adherence. In: Jahankhani, H. (eds) Cybersecurity Challenges in the Age of AI, Space Communications and Cyborgs. ICGS3 2023. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-47594-8_20
