Factors influencing information security policy (ISP) compliance in Immigration Department of Malaysia (IMM) / Muhammad Naquib Khalib
Information security policies or ISP is a statement of roles and responsibilities of employees to safeguard the information and technology resources in their organization. The main objective of ISP is to protect information in terms of confidentiality, integrity and availability. However compliance...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | https://ir.uitm.edu.my/id/eprint/64975/1/64975.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Information security policies or ISP is a statement of roles and responsibilities of employees to safeguard the information and technology resources in their organization. The main objective of ISP is to protect information in terms of confidentiality, integrity and availability. However compliance with ISP is a difficult issue. A research conducted by COMPTIA in 2016 shows that 58% of security risk in Malaysia is contributed by human error which identified top sources of human security error including IT staff and end user failure to follow policies and procedures. This research aims to identify the factors that influence ISP compliance in Immigration Department of Malaysia (IMM). A research model based on Theory of Planned Behavior (TPB) have been proposed for an employee's individual based belief. The data have been collected through list of questionnaires distributed to IMM Officers. The result of research shows that intention to comply, perceived cost of noncompliance and perceived cost of compliance have a significant relationship with attitude towards complying with ISP. The results of the research also suggested that a solution is needed to increase ISP compliance in IMM. The findings will be beneficial to the fellow researchers and policy makers, especially to Immigration Department of Malaysia in improving their employee's behaviour towards practising information security. |
|---|