Abstract
To compete and survive in today’s competitive business world organizations continue to focus investment on information systems and technology. The protection of these information assets is crucial as business information resides in them. Organizations have placed reliance on technology controls such as firewalls, antivirus, intrusion detection, intrusion prevention, etc. as a control measure to protect these systems. The technical controls provide only a technical solution. Organizations must not only use technology controls as a protection strategy but design a holistic approach to protect their information assets. The holistic approach includes; technology, people, and processes. Information is used by people to perform their duties and employees should understand their roles and responsibilities.
The Acceptable Usage Policy (AUP) clearly defines employee roles and responsibilities. The AUP is a guiding policy for employees’ expected behavior when using the organizations’ information and information assets. The behavior of employees is crucial to the safety of business information as it can protect the information or expose it to danger. A policy such as an AUP must exist to guide the behavior of employees. Employee compliance with AUP can increase the safety of business information.
The main objective of this study was to focus on improving compliance with the AUP. Various factors have been identified as contributors to employee compliance with the AUP. The AUP compliance factors not only increase the compliance but also assist organizations in understanding the needs of employees that will assist them to comply with the AUP.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ajzen, I., Fishbein, M.: Understanding attitudes and predicting social behavior, Nebraska Symposium on Motivation, vol.27, pp. 65–116. Prentice-Hall, Englewood Cliffs (1979)
Ajzen, I.: The theory of planned behavior. Organ. Behav. Hum. Decis. Process. 50(2), 179–211 (1991). https://doi.org/10.1016/0749-5978(91)90020-T
Chen, X., Wu, D., Chen, L., Teng, J.K.L.: Sanction severity and employees’ information security policy compliance: investigating mediating, moderating, and control variables. Inf. Manage. 55(8), 1049–1060 (2018). https://doi.org/10.1016/j.im.2018.05.011
Jaeger, L., Eckhardt, A., Kroenung, J.: The role of deterrability for the effect of multi-level sanctions on information security policy compliance: Results of a multigroup analysis. Inf. Manage. 103318 (2020). https://doi.org/10.1016/j.im.2020.103318
Lee, C., Lee, C.C., Kim, S.: Understanding information security stress: focusing on the type of information security compliance activity. Comput. Secur. 59, 60–70 (2016). https://doi.org/10.1016/j.cose.2016.02.004
Moher, D., Liberati, A., Tetzlaff, J., Altman, D.G., Grp, P.: Preferred reporting items for systematic reviews and meta-analyses: the PRISMA statement (reprinted from annals of internal medicine). Phys. Ther. 89(9), 873–880 (2009). https://doi.org/10.1371/journal.pmed.1000097
Safa, N.S., Maple, C., Watson, T., Von Solms, R.: Motivation and opportunity based model to reduce information security insider threats in organisations. J. Inf. Secur. Appl. 40, 247–257 (2018). https://doi.org/10.1016/j.jisa.2017.11.001
Safa, N.S., Sookhak, M., Von Solms, R., Furnell, S., Ghani, N.A., Herawan, T.: Information security conscious care behaviour formation in organizations. Comput. Secur. 53, 65–78 (2015). https://doi.org/10.1016/j.cose.2015.05.012
Safa, N.S., Von Solms, R., Furnell, S.: Information security policy compliance model in organizations. Comput. Secur. 56, 1–13 (2016). https://doi.org/10.1016/j.cose.2015.10.006
Sharma, S., Warkentin, M.: Do I really belong? Impact of employment status on information security policy compliance Comput. Secur. 87 101397 (2019). https://doi.org/10.1016/j.cose.2018.09.005
Siponen, M., Adam Mahmood, M., Pahnila, S.: Employees’ adherence to information security policies: an exploratory field study. Inf. Manage. 51(2), 217–224 (2014). https://doi.org/10.1016/j.im.2013.08.006
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Flack, G.P., Kritzinger, E., Loock, M. (2021). Improving Compliance with the Acceptable Usage Policy. In: Silhavy, R. (eds) Informatics and Cybernetics in Intelligent Systems. CSOC 2021. Lecture Notes in Networks and Systems, vol 228. Springer, Cham. https://doi.org/10.1007/978-3-030-77448-6_61
Download citation
DOI: https://doi.org/10.1007/978-3-030-77448-6_61
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-77447-9
Online ISBN: 978-3-030-77448-6
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)