Investigating the Role of Socio-organizational Factors in the Information Security Compliance in Organizations
📝 Abstract
The increasing reliance on information systems has created unprecedented challenges for organizations to protect their critical information from different security threats that have direct consequences for corporate liability, loss of credibility, and monetary damage. As a result, the security of information has become a top priority in many organizations. This study investigates the role of socio-organizational factors in the adoption of information security compliance in organizations, drawing on insights from the organizational theory literature. Based on the analysis of survey data collected from 294 employees from different organizations, the study indicates that management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance in organizations. The study contributes to information security compliance research by exploring the criticality of socio-organizational factors at the organizational level for information security compliance.
📄 Content
Australasian Conference on Information Systems
AlKalbani, Deng, Kam
2015, Australia, Adelaide
Information Security Compliance
Investigating the Role of Socio-organizational Factors in
the Information Security Compliance in Organizations
Ahmed AlKalbani
School of Business Information Technology and Logistics
RMIT University
Melbourne, Australia
Email: ahmed.al-kalbani@rmit.edu.au
Hepu Deng
School of Business Information Technology and Logistics
RMIT University
Melbourne, Australia
Email: hepu.deng@rmit.edu.au
Booi Kam
School of Business Information Technology and Logistics
RMIT University
Melbourne, Australia
Email: booi.kam@rmit.edu.au
Abstract
The increasing reliance on information systems has created unprecedented challenges for organizations
to protect their critical information from different security threats that have direct consequences for
corporate liability, loss of credibility, and monetary damage. As a result, the security of information
has become critical in many organizations. This study investigates the role of socio-organizational
factors in the adoption of information security compliance in organizations, drawing on insights from
the organizational theory literature. Based on the analysis of survey data collected from 294
employees, the study indicates that management commitment, awareness and training, accountability,
technology capability, technology compatibility, processes integration, and audit and monitoring have
a significant positive impact on the adoption of information security compliance in organizations. The
study contributes to information security compliance research by exploring the criticality of
socio-organizational factors at the organizational level for information security compliance.
Keywords
Socio-organizational, information security, information security compliance, critical factors
1 Introduction
Information security compliance refers to the implementation of information security standards and
policies for protecting information in organizations (AlKalbani et al. 2014; Von Solms 2005). The
adoption of information security compliance ensures that information security mechanisms can work
together effectively to protect the critical information in organizations (Appari et al. 2009; Ifinedo
2013). It satisfies the security requirements, thus improving stakeholders’ confidence and trust in
organizations. As a result, information security compliance is widely considered as an effective
approach for ensuring information security in organizations (Herath and Rao 2009).
Several studies have investigated the problem of information security compliance in organizations in
recent years. Herath and Rao (2009), for example, investigate the factors related to behaviours,
motivations, values and norms that affect employees’ intentions to comply with information security
compliance in organizations. Siponen et al. (2010) examine the factors related to normative beliefs,
threat appraisal, self-efficacy, and visibility that influence employees’ intention to comply with
information security policies in organizations. Ifinedo (2013) assesses the social influence of changing
individual’s thoughts, actions, feelings, attitudes, and behaviours on information security compliance
in organizations. These studies have focused primarily on understanding employees’ attitudes and
behaviour (Herath and Rao 2009) on information security compliance in organizations. There are,
however, other socio-organizational aspects that may influence the adoption of information security
compliance in organizations. These aspects include information security governance (Smith and Jamieson 2006), legislative requirements (Benabdallah et al. 2002), information security strategies and policies (Smith and Jamieson 2006), and implementation of advanced security technologies (Lambrinoudakis et al. 2003). This shows that there is a need to investigate more socio-organizational factors that shape the adoption of information security compliance in organizations (Bulgurcu et al. 2010; Dhillon and Backhouse 2001). This study investigates the role of socio-organizational factors in the adoption of information security compliance in organizations, drawing on insights from the organizational theory literature. Based on the analysis of survey data collected from 294 employees, the study indicates that management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance for information security