A dimension-based information security culture model and its relationship with employees’ security behavior: A case study in Malaysian higher educational institutions

A dimension-based information security culture model and its relationship with employees’ security behavior: A case study in Malaysian higher educational institutions

Despite strong recommendations by scholars to establish Information Security Culture (ISC), the lack of ISC guidelines persists, particularly in aspects that could effectively improve employees’ security behavior in an organization. This study proposes an ISC model based on seven new formulated dime...

Full description

Saved in:
Bibliographic Details
Main Authors: Akhyari, Nasir, Ruzaini, Abdullah Arshah, Ab Hamid, Mohd Rashid
Format: Article
Language:en
Published: Taylor and Francis Inc. 2019
Subjects:
LB2300 Higher Education
QA Mathematics
QA76 Computer software
Online Access:http://umpir.ump.edu.my/id/eprint/30435/1/A%20dimension-based%20information%20security%20culture%20model%20.pdf
http://umpir.ump.edu.my/id/eprint/30435/
https://doi.org/10.1080/19393555.2019.1643956
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Despite strong recommendations by scholars to establish Information Security Culture (ISC), the lack of ISC guidelines persists, particularly in aspects that could effectively improve employees’ security behavior in an organization. This study proposes an ISC model based on seven new formulated dimensions to examine its influence on employees’ Information Security Policy (ISP) compliance behavior. The dimensions represent specific aspects of ISC and were formulated based on widely accepted concepts of Organizational Culture and ISC. The model was tested at 19 out of 21 public universities in Malaysia and validated using Partial Least Square Structural Equation Modelling (PLS-SEM). Findings revealed all seven dimensions are significant in contributing to the underlying concept of ISC, with Information Security Knowledge being the most important dimension. This ISC concept was also found to be significant in influencing ISP compliance behavior. This study contributes to ISC literature in terms of conceptualization and operationalization of an ISC concept based on the new comprehensive dimensions in relation to ISP compliance behavior. The model could be employed by practitioners in assessing, improving and cultivating a positive ISC that would effectively influence employees’ security behavior in higher educational institutions.

Similar Items