Information security policy perceived compliance among staff in Palestine universities: An empirical pilot study

In today’s interconnected world, universities recognize the importance of protecting their information assets from internal and external threats. Being the possible insider threats to Information Security, employees are often coined as the weakest link. Both employees and organizations should be aw...

Full description

Bibliographic Details
Main Authors: Mohammad Iriqat, Yousef, Ahlan, Abdul Rahman, Abdul Molok, Nurul Nuha
Format: Conference or Workshop Item
Language:English
English
Published: IEEE 2019
Subjects:
Online Access:http://irep.iium.edu.my/71610/
http://irep.iium.edu.my/71610/
http://irep.iium.edu.my/71610/13/71610%20Information%20Security%20Policy%20Perceived.pdf
http://irep.iium.edu.my/71610/7/71610_Information%20security%20policy%20perceived%20compliance_scopus.pdf
Description
Summary:In today’s interconnected world, universities recognize the importance of protecting their information assets from internal and external threats. Being the possible insider threats to Information Security, employees are often coined as the weakest link. Both employees and organizations should be aware of this raising challenge. Understanding staff perception of compliance behaviour is critical for universities wanting to leverage their staff capabilities to mitigate Information Security risks. Therefore, this research seeks to get insights into staff perception based on factors adopted from several theories by using proposed constructs i.e. "perceived" practices/policies and "perceived" intention to comply. Drawing from the General Deterrence Theory, Protection Motivation Theory, Theory of Planned Behaviour and Information Reinforcement, within the context of Palestine universities, this paper integrates staff awareness of Information Security Policies (ISP) countermeasures as antecedents to “perceived” influencing factors (perceived sanctions, perceived rewards, perceived coping appraisal, and perceived information reinforcement). The empirical study is designed to follow a quantitative research approaches, use survey as a data collection method and questionnaires as the research instruments. Partial least squares structural equation modelling is used to inspect the reliability and validity of the measurement model and hypotheses testing for the structural model. The research covers ISP awareness among staff and seeks to assert that information security is the responsibility of all academic and administrative staff from all departments. Overall, our pilot study findings seem promising, and we found strong support for our theoretical model.