Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia

Abstract

Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' threats; conversely, insiders are responsible for most of the security breaches in organizations. Further, the majority of information security research findings are limited to solutions that are technically focused. However, it is now recognized that the technological approach alone does not carry the security level needed. So this led researchers to embark on socio-technical approaches. Thus, this study explores organizational culture's effect on employees' intention to comply with information security policies (ISP). A rational choice theory and a computing value framework construct are used to build and evaluate an empirical ISP compliance model. A survey method used to collect data from Ethiopia.