A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities
Due to the increase of information security incidents and attacks caused by employees’ behavior, scholars and experts recommended the establishment of a positive Information Security Culture (ISC) to guide employees’ behavior towards complying with Information Security Policy (ISP) established in th...
Saved in:
Main Author: | |
---|---|
Format: | Thesis |
Language: | English |
Published: |
2019
|
Subjects: | |
Online Access: | http://umpir.ump.edu.my/id/eprint/29990/1/A%20dimension-based%20information%20security%20culture%20model%20for%20information%20security%20policy%20compliance%20behavior.wm.pdf |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
id |
my-ump-ir.29990 |
---|---|
record_format |
uketd_dc |
institution |
Universiti Malaysia Pahang Al-Sultan Abdullah |
collection |
UMPSA Institutional Repository |
language |
English |
advisor |
Ruzaini, Abdullah Arshah |
topic |
QA75 Electronic computers Computer science |
spellingShingle |
QA75 Electronic computers Computer science Akhyari, Nasir A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities |
description |
Due to the increase of information security incidents and attacks caused by employees’ behavior, scholars and experts recommended the establishment of a positive Information Security Culture (ISC) to guide employees’ behavior towards complying with Information Security Policy (ISP) established in the organization. However, it is still unclear as to what elements or aspects required for a positive ISC formation, which would effectively influences ISP compliance behavior. Current studies still could not provide a conclusive finding on the actual influence of ISC towards ISP compliance behavior for suggesting ISC model that effectively influences ISP compliance behavior. The inconsistency of dimensions and approaches in conceptualizing the ISC are the main gaps in current studies. ISC literature indicates that different sets of dimensions used to conceptualize ISC in various studies. Apart from that, since some studies suggested ISC depends on cultural differences and national culture, previous findings could not be generalized to Malaysian organizations and employees. This research addresses these issues by developing an ISC model based on new formulated dimensions for employee’s ISP compliance behavior in Malaysian Public Universities. In this study, ISC was conceptualized as a dimension-based concept formed by seven dimensions formulated based on widely accepted concepts of Organizational Culture and ISC. The formulated dimensions not only covered all levels in these concepts, the dimensions were also covered most of ISC key factors in current literature. This ISC concept then was integrated with the most significant behavioral theory in ISP compliance behavior literature, which is Theory of Planned Behavior to thoroughly examine and demonstrate the effectiveness of new ISC concept in influencing employees’ ISP compliance behavior. The model was tested in public university settings in Malaysia, whereby a questionnaire-based survey was conducted to collect data from the employees using convenient sampling technique due to homogeneity of the population. This study employed Structural Equation Modeling (SEM) to validate the research model. Partial Least Squares (PLS) modeling technique was used to analyze the data via SmartPLS 3.0 software package. The findings show that all seven formulated dimensions are relevant and significant (weightage>0.1 and t-values>1.65, p-values<0.001) in contributing towards ISC concept used in the model. The ISC concept based on these seven dimensions was also found to be significant in influencing employees’ ISP compliance behavior (R2=0.449). These findings suggest that seven aspects represented by seven dimensions in the study could be used as guidelines to assess and establish a positive ISC in guiding employees’ security behavior in organizations especially in public universities in Malaysia. The findings also reveal that the most important aspect in establishing a positive ISC is Information Security Knowledge. Moreover, behavioral factors of Attitude, Normative Belief and SelfEfficacy were found to be significant in mediating the relationship between ISC and employee’s ISP compliance intention. These findings provide new insights and knowledge on standard issues regarding the concept of ISC based on its dimensions. They also provide a clear understanding on ISC influence towards employees’ security behavior. The model could also be used by Information Security Management (ISM) as guidelines to plan and establish effective ISC strategies and to predict security behavior in obtaining higher level of information security and its systems in Malaysian organizations. |
format |
Thesis |
qualification_name |
Doctor of Philosophy (PhD.) |
qualification_level |
Doctorate |
author |
Akhyari, Nasir |
author_facet |
Akhyari, Nasir |
author_sort |
Akhyari, Nasir |
title |
A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities |
title_short |
A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities |
title_full |
A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities |
title_fullStr |
A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities |
title_full_unstemmed |
A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities |
title_sort |
dimension-based information security culture model for information security policy compliance behavior in malaysian public universities |
granting_institution |
Universiti Malaysia Pahang |
granting_department |
Faculty of Computer System & Software Engineering |
publishDate |
2019 |
url |
http://umpir.ump.edu.my/id/eprint/29990/1/A%20dimension-based%20information%20security%20culture%20model%20for%20information%20security%20policy%20compliance%20behavior.wm.pdf |
_version_ |
1783732128043761664 |
spelling |
my-ump-ir.299902023-01-26T02:49:26Z A dimension-based information security culture model for information security policy compliance behavior in Malaysian public universities 2019-08 Akhyari, Nasir QA75 Electronic computers. Computer science Due to the increase of information security incidents and attacks caused by employees’ behavior, scholars and experts recommended the establishment of a positive Information Security Culture (ISC) to guide employees’ behavior towards complying with Information Security Policy (ISP) established in the organization. However, it is still unclear as to what elements or aspects required for a positive ISC formation, which would effectively influences ISP compliance behavior. Current studies still could not provide a conclusive finding on the actual influence of ISC towards ISP compliance behavior for suggesting ISC model that effectively influences ISP compliance behavior. The inconsistency of dimensions and approaches in conceptualizing the ISC are the main gaps in current studies. ISC literature indicates that different sets of dimensions used to conceptualize ISC in various studies. Apart from that, since some studies suggested ISC depends on cultural differences and national culture, previous findings could not be generalized to Malaysian organizations and employees. This research addresses these issues by developing an ISC model based on new formulated dimensions for employee’s ISP compliance behavior in Malaysian Public Universities. In this study, ISC was conceptualized as a dimension-based concept formed by seven dimensions formulated based on widely accepted concepts of Organizational Culture and ISC. The formulated dimensions not only covered all levels in these concepts, the dimensions were also covered most of ISC key factors in current literature. This ISC concept then was integrated with the most significant behavioral theory in ISP compliance behavior literature, which is Theory of Planned Behavior to thoroughly examine and demonstrate the effectiveness of new ISC concept in influencing employees’ ISP compliance behavior. The model was tested in public university settings in Malaysia, whereby a questionnaire-based survey was conducted to collect data from the employees using convenient sampling technique due to homogeneity of the population. This study employed Structural Equation Modeling (SEM) to validate the research model. Partial Least Squares (PLS) modeling technique was used to analyze the data via SmartPLS 3.0 software package. The findings show that all seven formulated dimensions are relevant and significant (weightage>0.1 and t-values>1.65, p-values<0.001) in contributing towards ISC concept used in the model. The ISC concept based on these seven dimensions was also found to be significant in influencing employees’ ISP compliance behavior (R2=0.449). These findings suggest that seven aspects represented by seven dimensions in the study could be used as guidelines to assess and establish a positive ISC in guiding employees’ security behavior in organizations especially in public universities in Malaysia. The findings also reveal that the most important aspect in establishing a positive ISC is Information Security Knowledge. Moreover, behavioral factors of Attitude, Normative Belief and SelfEfficacy were found to be significant in mediating the relationship between ISC and employee’s ISP compliance intention. These findings provide new insights and knowledge on standard issues regarding the concept of ISC based on its dimensions. They also provide a clear understanding on ISC influence towards employees’ security behavior. The model could also be used by Information Security Management (ISM) as guidelines to plan and establish effective ISC strategies and to predict security behavior in obtaining higher level of information security and its systems in Malaysian organizations. 2019-08 Thesis http://umpir.ump.edu.my/id/eprint/29990/ http://umpir.ump.edu.my/id/eprint/29990/1/A%20dimension-based%20information%20security%20culture%20model%20for%20information%20security%20policy%20compliance%20behavior.wm.pdf pdf en public phd doctoral Universiti Malaysia Pahang Faculty of Computer System & Software Engineering Ruzaini, Abdullah Arshah |