Building an awareness-centered information security policy compliance model
Industrial Management & Data Systems
ISSN: 0263-5577
Article publication date: 10 January 2020
Issue publication date: 10 January 2020
Abstract
Purpose
The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that awareness depends upon several variables that influence successful ISP compliance.
Design/methodology/approach
The authors built a model with seven constructs, i.e., leadership, trusting beliefs, information security issues awareness (ISIA), ISP awareness, understanding resource vulnerability, self-efficacy (SE) and intention to comply. Seven hypotheses were stated. A sample of 285 non-management employees was used from various organizations in the USA. The authors used path modeling to analyze the data.
Findings
The findings indicated that IS awareness depends on effective organizational leadership and elevated employees’ trusting beliefs. The understanding of resource vulnerability (URV) and SE are influenced by IS awareness resulting from effective leadership and elevated employees’ trusting beliefs which guide employees to comply with ISP requirements.
Practical implications
Practical implications were aimed at organizations embracing an awareness-centered information security compliance program to secure organizations’ assets against threats by implementing various security education and training awareness programs.
Originality/value
This paper asserts that awareness is central to ISP compliance. Leadership and trusting beliefs variables play significant roles in the information security awareness which in turn positively affect employees’ URV and SE variables leading employees to comply with the ISP requirements.
Keywords
Citation
Koohang, A., Anderson, J., Nord, J.H. and Paliszkiewicz, J. (2020), "Building an awareness-centered information security policy compliance model", Industrial Management & Data Systems, Vol. 120 No. 1, pp. 231-247. https://doi.org/10.1108/IMDS-07-2019-0412
Publisher
:Emerald Publishing Limited
Copyright © 2019, Emerald Publishing Limited