A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities

Akhyari, Nasir (2019) A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities. PhD thesis, Universiti Malaysia Pahang (Contributors, Thesis advisor: Ruzaini, Abdullah Arshah).

[img]
Preview
Pdf
A dimension-based information security culture model for information security policy compliance behavior.wm.pdf

Download (3MB) | Preview

Abstract

Due to the increase of information security incidents and attacks caused by employees’ behavior, scholars and experts recommended the establishment of a positive Information Security Culture (ISC) to guide employees’ behavior towards complying with Information Security Policy (ISP) established in the organization. However, it is still unclear as to what elements or aspects required for a positive ISC formation, which would effectively influences ISP compliance behavior. Current studies still could not provide a conclusive finding on the actual influence of ISC towards ISP compliance behavior for suggesting ISC model that effectively influences ISP compliance behavior. The inconsistency of dimensions and approaches in conceptualizing the ISC are the main gaps in current studies. ISC literature indicates that different sets of dimensions used to conceptualize ISC in various studies. Apart from that, since some studies suggested ISC depends on cultural differences and national culture, previous findings could not be generalized to Malaysian organizations and employees. This research addresses these issues by developing an ISC model based on new formulated dimensions for employee’s ISP compliance behavior in Malaysian Public Universities. In this study, ISC was conceptualized as a dimension-based concept formed by seven dimensions formulated based on widely accepted concepts of Organizational Culture and ISC. The formulated dimensions not only covered all levels in these concepts, the dimensions were also covered most of ISC key factors in current literature. This ISC concept then was integrated with the most significant behavioral theory in ISP compliance behavior literature, which is Theory of Planned Behavior to thoroughly examine and demonstrate the effectiveness of new ISC concept in influencing employees’ ISP compliance behavior. The model was tested in public university settings in Malaysia, whereby a questionnaire-based survey was conducted to collect data from the employees using convenient sampling technique due to homogeneity of the population. This study employed Structural Equation Modeling (SEM) to validate the research model. Partial Least Squares (PLS) modeling technique was used to analyze the data via SmartPLS 3.0 software package. The findings show that all seven formulated dimensions are relevant and significant (weightage>0.1 and t-values>1.65, p-values<0.001) in contributing towards ISC concept used in the model. The ISC concept based on these seven dimensions was also found to be significant in influencing employees’ ISP compliance behavior (R2=0.449). These findings suggest that seven aspects represented by seven dimensions in the study could be used as guidelines to assess and establish a positive ISC in guiding employees’ security behavior in organizations especially in public universities in Malaysia. The findings also reveal that the most important aspect in establishing a positive ISC is Information Security Knowledge. Moreover, behavioral factors of Attitude, Normative Belief and SelfEfficacy were found to be significant in mediating the relationship between ISC and employee’s ISP compliance intention. These findings provide new insights and knowledge on standard issues regarding the concept of ISC based on its dimensions. They also provide a clear understanding on ISC influence towards employees’ security behavior. The model could also be used by Information Security Management (ISM) as guidelines to plan and establish effective ISC strategies and to predict security behavior in obtaining higher level of information security and its systems in Malaysian organizations.

Item Type: Thesis (PhD)
Additional Information: Thesis (Doctor of Philosophy) -- Universiti Malaysia Pahang – 2019, SV: TS. DR. RUZAINI BIN ABDULLAH ARSHAH, NO. CD: 12344
Uncontrolled Keywords: Information Security Culture (ISC); Information Security Policy (ISP); public universities
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Faculty/Division: Faculty of Computer System And Software Engineering
Depositing User: Mrs. Sufarini Mohd Sudin
Date Deposited: 20 Nov 2020 00:10
Last Modified: 26 Jan 2023 02:49
URI: http://umpir.ump.edu.my/id/eprint/29990
Download Statistic: View Download Statistics

Actions (login required)

View Item View Item