Information security policy perceived compliance among staff in Palestine universities: An empirical pilot study
In today’s interconnected world, universities recognize the importance of protecting their information assets from internal and external threats. Being the possible insider threats to Information Security, employees are often coined as the weakest link. Both employees and organizations should be aw...
Main Authors: | , , |
---|---|
Format: | Conference or Workshop Item |
Language: | English English |
Published: |
IEEE
2019
|
Subjects: | |
Online Access: | http://irep.iium.edu.my/71610/ http://irep.iium.edu.my/71610/ http://irep.iium.edu.my/71610/13/71610%20Information%20Security%20Policy%20Perceived.pdf http://irep.iium.edu.my/71610/7/71610_Information%20security%20policy%20perceived%20compliance_scopus.pdf |
Summary: | In today’s interconnected world, universities recognize the importance of protecting their information assets
from internal and external threats. Being the possible insider threats to Information Security, employees are often coined as the weakest link. Both employees and organizations should be aware of this raising challenge. Understanding staff perception of compliance behaviour is critical for universities wanting to leverage their staff capabilities to mitigate Information Security risks. Therefore, this research seeks to get insights into staff
perception based on factors adopted from several theories by using proposed constructs i.e. "perceived" practices/policies and "perceived" intention to comply. Drawing from the General Deterrence Theory, Protection Motivation Theory, Theory of Planned Behaviour and Information Reinforcement, within the context of Palestine universities, this paper integrates staff
awareness of Information Security Policies (ISP)
countermeasures as antecedents to “perceived” influencing
factors (perceived sanctions, perceived rewards, perceived coping appraisal, and perceived information reinforcement). The empirical study is designed to follow a quantitative research approaches, use survey as a data collection method and questionnaires as the research instruments. Partial least squares structural equation modelling is used to inspect the reliability and validity of the measurement model and hypotheses testing for the structural model. The research covers ISP awareness among staff and seeks to assert that information security is the responsibility of all academic and administrative staff from all departments. Overall, our pilot study findings seem promising, and we found strong support for our theoretical model. |
---|