IDEAS home Printed from https://ideas.repec.org/a/bjz/ajisjr/2484.html
   My bibliography  Save this article

Organizational Determinants and Compliance Behavior to Shape Information Security Plan

Author

Listed:
  • Maurizio Cavallari

Abstract

In the advanced field of Information and Communication Technology (ICT) within modern corporate frameworks, the pressing issue of non-compliance becomes increasingly crucial. Achieving the ideal balance—where one fosters consistent employee commitment without resorting to overly harsh penalties for possible violations—presents a complex problem. Such a nuanced relationship calls for a synchronized coordination among the company’s underlying factors, the principles of the Information Security Plan (ISP), and overarching compliance mandates. As companies step into a period where digital environments are in constant flux, the importance of securing information systems rises to a critical level. Against this backdrop, compliance stands out as a vital component, functioning as a stringent safeguard in the ongoing mission to protect precious digital assets—a mission comprehensively detailed within the ISP. This in-depth academic study sets out to rigorously explore and scrutinize the diverse opinions and beliefs of committed employees and insightful management concerning unwavering company alignment with the ISP. This is accomplished by defining a construct that centers on key dimensions: Organizational Culture, Personal Attitudes, Actors, Behavioral Intentions, and Motivational Dynamics. Eleven Hypotheses are outlined and represent the materialisation of the model. This model form a starting point from which future empirical exploration will be able to take place, propelling us towards a deeper understanding of the phenomena under scrutiny.

Suggested Citation

  • Maurizio Cavallari, 2023. "Organizational Determinants and Compliance Behavior to Shape Information Security Plan," Academic Journal of Interdisciplinary Studies, Richtmann Publishing Ltd, vol. 12, November.
    • Handle: RePEc:bjz:ajisjr:2484
    DOI: https://doi.org/10.36941/ajis-2023-0151
    as

    Download full text from publisher

    File URL: https://www.richtmann.org/journal/index.php/ajis/article/view/13545
    Download Restriction: no
    File URL: https://www.richtmann.org/journal/index.php/ajis/article/view/13545/13113
    Download Restriction: no
    File URL: https://libkey.io/https://doi.org/10.36941/ajis-2023-0151?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    References listed on IDEAS

    as
    1. Joshua Davis & Deepti Agrawal & Xiang Guo, 2023. "Enhancing users’ security engagement through cultivating commitment: the role of psychological needs fulfilment," European Journal of Information Systems, Taylor & Francis Journals, vol. 32(2), pages 195-206, March.
    2. Paul Benjamin Lowry & Tamara Dinev & Robert Willison, 2017. "Why security and privacy research lies at the centre of the information systems (IS) artefact: proposing a bold research agenda," European Journal of Information Systems, Taylor & Francis Journals, vol. 26(6), pages 546-563, November.
    3. Suresh Cuganesan & Cara Steele & Alison Hart, 2018. "How senior management and workplace norms influence information security attitudes and self-efficacy," Behaviour and Information Technology, Taylor & Francis Journals, vol. 37(1), pages 50-65, January.
    4. Elina Niemimaa & Marko Niemimaa, 2017. "Information systems security policy implementation in practice: from best practices to situated practices," European Journal of Information Systems, Taylor & Francis Journals, vol. 26(1), pages 1-20, January.
    5. Clay Posey & Uzma Raja & Robert E. Crossler & A. J. Burns, 2017. "Taking stock of organisations’ protection of privacy: categorising and assessing threats to personally identifiable information in the USA," European Journal of Information Systems, Taylor & Francis Journals, vol. 26(6), pages 585-604, November.
    6. Adel M. Qatawneh, 2023. "The Role of Employee Empowerment in Supporting Accounting Information Systems Outcomes: A Mediated Model," Sustainability, MDPI, vol. 15(9), pages 1-16, April.
    7. Emilio J. Castilla & Aruna Ranganathan, 2020. "The Production of Merit: How Managers Understand and Apply Merit in the Workplace," Organization Science, INFORMS, vol. 31(4), pages 909-935, July.
    8. Gilbert K. Amoako & Anokye M. Adam & George Tackie & Clement Lamboi Arthur, 2021. "Environmental Accountability Practices of Environmentally Sensitive Firms in Ghana: Does Institutional Isomorphism Matter?," Sustainability, MDPI, vol. 13(17), pages 1-14, August.
    9. Tatyana Bondarouk & Klaas Sikkel, 2005. "Explaining IT Implementation Through Group Learning," Information Resources Management Journal (IRMJ), IGI Global, vol. 18(1), pages 42-60, January.
    10. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    11. Merrill Warkentin & Robert Willison, 2009. "Behavioral and policy issues in information systems security: the insider threat," European Journal of Information Systems, Taylor & Francis Journals, vol. 18(2), pages 101-105, April.
    12. Yan Chen & Dennis F. Galletta & Paul Benjamin Lowry & Xin (Robert) Luo & Gregory D. Moody & Robert Willison, 2021. "Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model," Information Systems Research, INFORMS, vol. 32(3), pages 1043-1065, September.
    13. Li, Yuanxiang John & Hoffman, Elizabeth, 2023. "Designing an incentive mechanism for information security policy compliance: An experiment," Journal of Economic Behavior & Organization, Elsevier, vol. 212(C), pages 138-159.
    14. Mikko Siponen & Anthony Vance, 2014. "Guidelines for improving the contextual relevance of field surveys: the case of information security policy violations," European Journal of Information Systems, Taylor & Francis Journals, vol. 23(3), pages 289-305, May.
    15. Tejaswini Herath & H Raghav Rao, 2009. "Protection motivation and deterrence: a framework for security policy compliance in organisations," European Journal of Information Systems, Taylor & Francis Journals, vol. 18(2), pages 106-125, April.
    16. Benedikt Lebek & Jörg Uffen & Markus Neumann & Bernd Hohler & Michael H. Breitner, 2014. "Information security awareness and behavior: a theory-based literature review," Management Research Review, Emerald Group Publishing Limited, vol. 37(12), pages 1049-1092, November.
    17. Joel R. Motaung & Portia Pearl Siyanda Sifolo, 2023. "Benefits and Barriers of Digital Procurement: Lessons from an Airport Company," Sustainability, MDPI, vol. 15(5), pages 1-18, March.
    18. Giovani Cruzara & José Roberto Frega & Ana Paula Mussi Szabo Cherobim & Emanuel Campigotto Sandri, 2023. "Business Models, Dynamic Capabilities and Industry 4.0: A Framework to Explore This Relationship," International Journal of Innovation and Technology Management (IJITM), World Scientific Publishing Co. Pte. Ltd., vol. 20(06), pages 1-31, October.
    19. Giuseppe Cascavilla & Mauro Conti & David G. Schwartz & Inbal Yahav, 2018. "The insider on the outside: a novel system for the detection of information leakers in social networks," European Journal of Information Systems, Taylor & Francis Journals, vol. 27(4), pages 470-485, July.
    20. Eva Boxenbaum & Stefan Jonsson, 2017. "Isomorphism, diffusion and decoupling: Concept evolution and theoretical challenges," Post-Print hal-01488051, HAL.
    21. Wenqin Li & Rongmin Liu & Linhui Sun & Zigu Guo & Jie Gao, 2022. "An Investigation of Employees’ Intention to Comply with Information Security System—A Mixed Approach Based on Regression Analysis and fsQCA," IJERPH, MDPI, vol. 19(23), pages 1-19, November.
    22. Fatin Nabilah Abd Razak & Aliza Ramli & Zarinah Abdul Rasit, 2020. "Organisation Isomorphism as Determinants of Environmental Management Accounting Practices in Malaysian Public Listed Companies," Humanities and Social Sciences Letters, Conscientia Beam, vol. 8(1), pages 110-122.
    23. Peter Meso & Yi Ding & Shuting Xu, 2013. "Applying Protection Motivation Theory to Information Security Training for College Students," Journal of Information Privacy and Security, Taylor & Francis Journals, vol. 9(1), pages 47-67, January.
    24. Noor Suhani Sulaiman & Muhammad Ashraf Fauzi & Walton Wider & Jegatheesan Rajadurai & Suhaidah Hussain & Siti Aminah Harun, 2022. "Cyber–Information Security Compliance and Violation Behaviour in Organisations: A Systematic Review," Social Sciences, MDPI, vol. 11(9), pages 1-17, August.
    25. Karianne Kalshoven & Scott Taylor, 2018. "Leadership: Philosophical Perspectives and Qualitative Analysis of Ethics—Looking Back, Looking Forward, Looking Around," Journal of Business Ethics, Springer, vol. 148(1), pages 1-3, March.
    26. Samson Iliya Nyahas & John C. Munene & Laura Orobia & Twaha Kigongo Kaawaase, 2017. "Isomorphic influences and voluntary disclosure: The mediating role of organizational culture," Cogent Business & Management, Taylor & Francis Journals, vol. 4(1), pages 1351144-135, January.
    27. Charles J. Kacmar & Susan S. Fiorito & Jane M. Carey, 2009. "The Influence of Attitude on the Acceptance and Use of Information Systems," Information Resources Management Journal (IRMJ), IGI Global, vol. 22(2), pages 22-49, April.
    28. A. J. Burns & Clay Posey & James F. Courtney & Tom L. Roberts & Prabhashi Nanayakkara, 2017. "Organizational information security as a complex adaptive system: insights from three agent-based models," Information Systems Frontiers, Springer, vol. 19(3), pages 509-524, June.
    Full references (including those not matched with items on IDEAS)

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Obi M. Ogbanufe & Corey Baham, 2023. "Using Multi-Factor Authentication for Online Account Security: Examining the Influence of Anticipated Regret," Information Systems Frontiers, Springer, vol. 25(2), pages 897-916, April.
    2. Yan Chen & Dennis F. Galletta & Paul Benjamin Lowry & Xin (Robert) Luo & Gregory D. Moody & Robert Willison, 2021. "Understanding Inconsistent Employee Compliance with Information Security Policies Through the Lens of the Extended Parallel Process Model," Information Systems Research, INFORMS, vol. 32(3), pages 1043-1065, September.
    3. Li, Yuanxiang John & Hoffman, Elizabeth, 2023. "Designing an incentive mechanism for information security policy compliance: An experiment," Journal of Economic Behavior & Organization, Elsevier, vol. 212(C), pages 138-159.
    4. A. J. Burns & Tom L. Roberts & Clay Posey & Paul Benjamin Lowry & Bryan Fuller, 2023. "Going Beyond Deterrence: A Middle-Range Theory of Motives and Controls for Insider Computer Abuse," Information Systems Research, INFORMS, vol. 34(1), pages 342-362, March.
    5. Gilbert K. Amoako & Anokye M. Adam & George Tackie & Clement Lamboi Arthur, 2021. "Environmental Accountability Practices of Environmentally Sensitive Firms in Ghana: Does Institutional Isomorphism Matter?," Sustainability, MDPI, vol. 13(17), pages 1-14, August.
    6. Victoria Kisekka & Sanjay Goel, 2023. "An Investigation of the Factors that Influence Job Performance During Extreme Events: The Role of Information Security Policies," Information Systems Frontiers, Springer, vol. 25(4), pages 1439-1458, August.
    7. Raffaele Trequattrini & Matteo Palmaccio & Mario Turco & Alberto Manzari, 2024. "The contribution of blockchain technologies to anti‐corruption practices: A systematic literature review," Business Strategy and the Environment, Wiley Blackwell, vol. 33(1), pages 4-18, January.
    8. Muel Kaptein, 2023. "A Paradox of Ethics: Why People in Good Organizations do Bad Things," Journal of Business Ethics, Springer, vol. 184(1), pages 297-316, April.
    9. Ileana Daniela Serban, 2021. "The European Union: From a Complex Adaptive System to a Policy Interpreter," Journal of Common Market Studies, Wiley Blackwell, vol. 59(2), pages 388-403, March.
    10. Ruthanne Huising & Susan S. Silbey, 2021. "Accountability infrastructures: Pragmatic compliance inside organizations," Regulation & Governance, John Wiley & Sons, vol. 15(S1), pages 40-62, November.
    11. Mehfooz Ullah & Muhammad Waris Ali Khan & Lee Chia Kuang & Ammar Hussain & Faisal Rana & Asadullah Khan & Mirza Rizwan Sajid, 2020. "A Structural Model for the Antecedents of Sustainable Project Management in Pakistan," Sustainability, MDPI, vol. 12(19), pages 1-19, September.
    12. Bhukya, Ramulu & Paul, Justin, 2023. "Social influence research in consumer behavior: What we learned and what we need to learn? – A hybrid systematic literature review," Journal of Business Research, Elsevier, vol. 162(C).
    13. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    14. Sharma, Amalesh & Moses, Aditya Christopher & Borah, Sourav Bikash & Adhikary, Anirban, 2020. "Investigating the impact of workforce racial diversity on the organizational corporate social responsibility performance: An institutional logics perspective," Journal of Business Research, Elsevier, vol. 107(C), pages 138-152.
    15. Xiangyu Chang & Yinghui Huang & Mei Li & Xin Bo & Subodha Kumar, 2021. "Efficient Detection of Environmental Violators: A Big Data Approach," Production and Operations Management, Production and Operations Management Society, vol. 30(5), pages 1246-1270, May.
    16. Hwee-Joo Kam & Thomas Mattson & Sanjay Goel, 2020. "A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness," Information Systems Frontiers, Springer, vol. 22(5), pages 1241-1264, October.
    17. A. J. Burns & Clay Posey & Tom L. Roberts, 2021. "Insiders’ Adaptations to Security-Based Demands in the Workplace: An Examination of Security Behavioral Complexity," Information Systems Frontiers, Springer, vol. 23(2), pages 343-360, April.
    18. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    19. Hou, Tingting & Luo, Xin (Robert) & Ke, Dan & Cheng, Xusen, 2022. "Exploring different appraisals in deviant sharing behaviors: A mixed-methods study," Journal of Business Research, Elsevier, vol. 139(C), pages 496-509.
    20. Romanus Izuchukwu Okeke & Max Hashem Eiza, 2023. "The Application of Role-Based Framework in Preventing Internal Identity Theft Related Crimes: A Qualitative Case Study of UK Retail Companies," Information Systems Frontiers, Springer, vol. 25(2), pages 451-472, April.

    More about this item

    Statistics

    Access and download statistics

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:bjz:ajisjr:2484. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Richtmann Publishing Ltd (email available below). General contact details of provider: https://www.richtmann.org/journal/index.php/ajis .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.