Investigating the Role of Socio-organizational Factors in the Information Security Compliance in Organizations

The increase reliance on information systems has created unprecedented challenges for organizations to protect their critical information from different security threats that have direct consequences on the corporate liability, loss of credibility, and monetary damage. As a result, the security of information has become critical in many organizations. This study investigates the role of socio-organizational factors by drawing the insights from the organizational theory literature in the adoption of information security compliance in organizations. Based on the analysis of the survey data collected from 294 employees, the study indicates management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance in organizations. The study contributes to the information security compliance research by exploring the criticality of socio-organizational factors at the organizational level for information security compliance

Investigating the Impact of Institutional Pressures on Information Security Compliance in Organizations

Abstract: The increasing threat to information security has created institutional pressures on organizations to comply with information security policies and standards. This paper presents an empirical study to investigate the impact of institutional pressures (coercive, normative, and mimetic) on information security compliance in organizations. The results show that coercive pressures that are manifested by regulatory agencies, normative pressures that are exerted through social pressures, and mimetic pressures that are manifested by security benefits positively influence information security compliance in public organizations. Furthermore, the results reveal that regulation and security benefits generate pressures on management to strengthen their commitments towards information security compliance in organizations. It is, however, worthwhile to notice that social pressures do not have a significant impact on management commitments towards information security compliance. The implications of this study indicate the criticality of institutional pressures for enhancing information security compliance in public organizations both directly and indirectly

A Model for Investigating Organizational Impact on Information Security Behavior

The increased amount of attacks targeting humans accessing and using computers has made it significantly important to understand human and organizational behavior in attacks and how resilient behavior can be achieved. This paper presents a research model that attempts to understand how organizational and human factors complement each other in shaping information security behavior. The model was developed through an inductive approach, in which content domain experts were interviewed to gain a deeper understanding of the phenomena. Common patterns that were identified in the interviews were then combined with data collected through surveying the literature. Specifically, the research model includes constructs related to the organization and promotion of information security, constructs related to perceptions of information security awareness and the social conditions within an organizational setting, and individual constructs related to an individual’s perceptions of attitude, normative beliefs, and self-efficacy. Implications for continuing research and how the model will be tested empirically are discussed

Employees\u27 Compliance with ISP: A Socio-Technical Conceptual Model

Employees’ compliance with Information Systems Security Policies (ISP) is critical for protecting organizational data. Both the technical side and the social aspects of IT-use were shown to have significant influence on ISP-compliance. However, they have been mostly studied in isolation, despite the literature’s emphasis on the socio-technical nature of security. Also, while the technical side has been extensively explored, there is a scarcity of research on the social mechanisms that underlie ISP-compliance. Here, we aim at bridging the gap between the technical and social sides of compliance. We also build upon Social Impact Theory to provide a more nuanced understanding of the social influence on ISP-compliance. We suggest that transparency of use is associated with the three pivotal elements of social influence, namely, perceived strength, immediacy, and number of influencing sources, which trigger normative and informational forces towards compliance. The influence of organizational ISP-compliance culture is also discussed

Employees' Compliance with ISP: A Socio-Technical Conceptual Model

Employees’ compliance with Information Systems Security Policies (ISP) is critical for protecting organizational data. Both the technical side and the social aspects of IT-use were shown to have significant influence on ISP-compliance. However, they have been mostly studied in isolation, despite the literature’s emphasis on the socio-technical nature of security. Also, while the technical side has been extensively explored, there is a scarcity of research on the social mechanisms that underlie ISP-compliance. Here, we aim at bridging the gap between the technical and social sides of compliance. We also build upon Social Impact Theory to provide a more nuanced understanding of the social influence on ISP-compliance. We suggest that transparency of use is associated with the three pivotal elements of social influence, namely, perceived strength, immediacy, and number of influencing sources, which trigger normative and informational forces towards compliance. The influence of organizational ISP-compliance culture is also discussed

410 Romanian Managers’ Opinion Regarding the Place and Role of the Organizational culture in the Sustainable Development Management

In the sustainable development management, the following important elements are present and operate: rules of conduct, values, aspirations and expectations, beliefs, specific myths, learned behavior patterns, habits, visible symbols of the company, motivation / reward systems, rights and obligations, components of the organizational culture. These generate the way the activities of sustainable development are structured. The organizational culture influences the sustainable development at the economic, social and environmental level. It contains sustainable values for change, oriented towards the sustainable development management.organizational culture; sustainable development management; the determinants of the organizational culture; human capital; organizational culture dimensions.

Investigating the Moderating Impact of National Culture in Information Systems Security Policy Violation: The Case of Italy and Ethiopia

Information systems security (ISS) has become one of the top agendas of companies located in the developed world. Despite this fact, there is an increasing trend in the types and frequency of ISS breaches. Most of the time researchers and practitioners focus on threat that are caused by external agents while most of the threats are originated from insiders. In addition to this, the majority of the investments and researches around ISS are limited to technically oriented solutions. It is now realized that the technical approach alone couldn’t bring the required level of ISS, and this led ISS researchers to embark on socio-technical approaches. One of the critical social factors that has been given little emphasis is culture. Thus, this research investigates the impact of national culture on employees’ ISS behaviour. Specifically, it answers the question “what is the moderating impact of national culture on the influence of ISS countermeasures on employees’ intention to violate ISS policies?” We will develop and test an empirical ISS compliance model, using rational choice theory and national culture constructs. Survey will be used to collect data from Italy and Ethiopia