The moderating impact of organizational culture on information security compliance
Ejigu, K., Siponen, M., & Muluneh, T. (2023). The moderating impact of organizational culture on information security compliance. Sinet, 46(3), 250-270. https://doi.org/10.4314/sinet.v46i3.3
Published in
SinetDate
2023Copyright
© College of Natural and Computational Sciences, Addis Ababa University, 2023
This research paper investigates the association between organizational culture and employees' compliance with information security policies. Drawing upon rational choice theory (RCT) and the competing values framework (CVF), our study explores the moderating effects of cultural dimensions on information security compliance in a diverse range of organizations. We employ a scenario-based approach and analyze the data using Partial Least Squares Structural Equation Modeling (PLS-SEM). Our findings underscore the robustness of the model and emphasize the pivotal role of cultural dimensions in influencing employees' compliance intentions. The study contributes by synthesizing non-fear-based deterrence theory with organizational culture theory, offering practical insights for information security managers. Recommendations include framing compliance as a moral duty, involving end-users in policy development, utilizing effective communication, implementing monitoring systems, and fostering a consistency culture. For organizations, the research underscores the importance of cultivating an ethical culture, emphasizing moral beliefs, and leveraging cultural dimensions to enhance compliance intentions. Acknowledging limitations related to single-country data collection, a focus on compliance intentions, and the selection of organizations with established policies, this research paves the way for future studies. Future research should aim to replicate this study in diverse cultural settings, consider individual-level culture measurement, and explore additional moderating factors. This research contributes to understanding the intricate relationship between organizational culture and information security compliance, offering actionable insights for practitioners and prospects for further exploration in the information security field.
...
Publisher
Addis Ababa University PressISSN Search the Publication Forum
0379-2897Keywords
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/212338507
Metadata
Show full item recordCollections
License
Related items
Showing items with similar title or keywords.
-
Investigating the Impact of Organizational Culture on Information Security Policy Compliance : The Case of Ethiopia
Ejigu, Kibrom Tadesse; Siponen, Mikko; Arage, Tilahun Muluneh (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Influence of Organizational Culture on Employees Information Security Policy Compliance in Ethiopian Companies
Ejigu, Kibrom; Siponen, Mikko; Muluneh, Tilahun (Association for Information Systems, 2021)Information security is one of the organizations' top agendas worldwide. Similarly, there is a growing trend in the kinds and rate of security breaches. Information security experts and scholars concentrate on outsiders' ... -
Method Framework for Developing Enterprise Architecture Security Principles
Larno, Sara; Seppänen, Ville; Nurmi, Jarkko (RTU Press, 2019)Organizations need to consider many facets of information security in their daily operations – among others, the rapidly increasing use of IT, emerging technologies and digitalization of organizations’ core resources provoke ... -
Toward a stage theory of the development of employees' information security behavior
Karjalainen, Mari; Siponen, Mikko; Sarker, Suprateek (Elsevier, 2020)Existing behavioral information security research proposes continuum or non-stage models that focus on finding static determinants for information security behavior (ISB) that remains unchanged. Such models cannot explain ... -
Effects of Sanctions, Moral Beliefs, and Neutralization on Information Security Policy Violations Across Cultures
Vance, Anthony; Boyer Fellow, Selvoy J.; Siponen, Mikko T.; Straub, Detmar W. (Elsevier, 2020)A principal concern of organizations is the failure of employees to comply with information security policies (ISPs). Deterrence theory is one of the most frequently used theories for examining ISP violations, yet studies ...