Information security policy compliance model for public sector
Technical aspect of security is inadequate to ensure information security within organization thus requires for adoption of information security policy. Policy without compliance from the employee of an organization would be useless where it requires desirable behaviours. Human are known to be the w...
Saved in:
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English |
| Published: |
2017
|
| Subjects: | |
| Online Access: | http://eprints.utm.my/id/eprint/91983/1/FuadHarrizAbdMRAZAK2017.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Technical aspect of security is inadequate to ensure information security within organization thus requires for adoption of information security policy. Policy without compliance from the employee of an organization would be useless where it requires desirable behaviours. Human are known to be the weakest link in information security thus factor that affect their intention towards compliance behaviour should be identified. The purpose of this research is to identify factors from recent researches that uses the most common compliance model used in social psychology and technological domain. These factors would then be built up into a proposed model where it will be validated with the survey questionnaire result from an IT department that consists of administrative and IT professionals. This research uses quantitative approach as it is the most used research design used in this domain and statistics software will be used to determine the frequencies, reliability, and the correlation of the factors towards compliance intention. According to 214 respondents, eleven factors have been concluded to have significant impact towards compliance intention that is perceived severity, perceived vulnerability, maladaptive rewards, response efficacy, self-efficacy, attitude, subjective norm, perceived usefulness, perceived ease of use, awareness and punishment while rewards have insignificant relation. The result from this research would support the proposed model that will act as a guidance in public sector to solve issues regarding employee behaviour that impacts information security policy compliance. |
|---|