The moderating impact of organizational culture on information security compliance
Ejigu, K., Siponen, M., & Muluneh, T. (2023). The moderating impact of organizational culture on information security compliance. Sinet, 46(3), 250-270. https://doi.org/10.4314/sinet.v46i3.3
Julkaistu sarjassa
SinetPäivämäärä
2023Tekijänoikeudet
© College of Natural and Computational Sciences, Addis Ababa University, 2023
This research paper investigates the association between organizational culture and employees' compliance with information security policies. Drawing upon rational choice theory (RCT) and the competing values framework (CVF), our study explores the moderating effects of cultural dimensions on information security compliance in a diverse range of organizations. We employ a scenario-based approach and analyze the data using Partial Least Squares Structural Equation Modeling (PLS-SEM). Our findings underscore the robustness of the model and emphasize the pivotal role of cultural dimensions in influencing employees' compliance intentions. The study contributes by synthesizing non-fear-based deterrence theory with organizational culture theory, offering practical insights for information security managers. Recommendations include framing compliance as a moral duty, involving end-users in policy development, utilizing effective communication, implementing monitoring systems, and fostering a consistency culture. For organizations, the research underscores the importance of cultivating an ethical culture, emphasizing moral beliefs, and leveraging cultural dimensions to enhance compliance intentions. Acknowledging limitations related to single-country data collection, a focus on compliance intentions, and the selection of organizations with established policies, this research paves the way for future studies. Future research should aim to replicate this study in diverse cultural settings, consider individual-level culture measurement, and explore additional moderating factors. This research contributes to understanding the intricate relationship between organizational culture and information security compliance, offering actionable insights for practitioners and prospects for further exploration in the information security field.
...
Julkaisija
Addis Ababa University PressISSN Hae Julkaisufoorumista
0379-2897Asiasanat
Julkaisu tutkimustietojärjestelmässä
https://converis.jyu.fi/converis/portal/detail/Publication/212338507
Metadata
Näytä kaikki kuvailutiedotKokoelmat
Lisenssi
Samankaltainen aineisto
Näytetään aineistoja, joilla on samankaltainen nimeke tai asiasanat.
-
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies
Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ... -
Review of the methods for the development of information security policies at organizations
Wu, Shan (2016)This thesis aims to have an overview of the current studies in the development of information security policy. The research is based on a systematical literature review. The study focuses on the development process of ... -
Method Framework for Developing Enterprise Architecture Security Principles
Larno, Sara; Seppänen, Ville; Nurmi, Jarkko (RTU Press, 2019)Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke ...
Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.