IDEAS home Printed from https://ideas.repec.org/a/gam/jsusta/v12y2020i20p8576-d429201.html
   My bibliography  Save this article

Organizational Governance, Social Bonds and Information Security Policy Compliance: A Perspective towards Oil and Gas Employees

Author

Listed:
  • Rao Faizan Ali

    (Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Bandar Seri Iskandar, Perak 32610, Malaysia)

  • P.D.D. Dominic

    (Department of Computer and Information Sciences, Universiti Teknologi PETRONAS, Bandar Seri Iskandar, Perak 32610, Malaysia)

  • Kashif Ali

    (Department of Management Sciences, COMSATS University Islamabad, Islamabad 46000, Pakistan)

Abstract

Information security attacks on oil and gas (O&G) organizations have increased since the last decade. From 2015 to 2019, almost 70 percent of O&G organizations faced at least one significant security breach worldwide. Research has shown that 43 percent of security attacks on O&G organizations occur due to the non-compliant behavior of O&G employees towards information security policy. The existing literature provides multiple solutions for technical security controls of O&G organizations. However, there are very few studies available that address behavioral security controls, specifically for O&G organizations of developing countries. The purpose of this study is to provide a comprehensive framework for information security policy compliance (ISPC) for the O&G sector. A mixed-method approach is used to develop the research framework. Semi-structured interviews from O&G specialists refined the developed framework. Based on qualitative study a survey questionnaire was developed. To evaluate the research framework, structural equation modeling was applied to a sample of 254 managers/executives from 150 Malaysian O&G organizations. The obtained test results confirmed the proposed research model, according to which good social bonding among employees plays a critical role in improving ISPC. However, there was less support for the notion that all organizational governance factors significantly improve the social bonding of Malaysian O&G organizations employees. This paper contributes to the current information system (IS) literature by exploring the interrelationships among organizational governance, social bonding, and information security policy compliance (ISPC) in Malaysian O&G organizations.

Suggested Citation

  • Rao Faizan Ali & P.D.D. Dominic & Kashif Ali, 2020. "Organizational Governance, Social Bonds and Information Security Policy Compliance: A Perspective towards Oil and Gas Employees," Sustainability, MDPI, vol. 12(20), pages 1-27, October.
    • Handle: RePEc:gam:jsusta:v:12:y:2020:i:20:p:8576-:d:429201
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/2071-1050/12/20/8576/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/2071-1050/12/20/8576/
    Download Restriction: no
    ---><---

    References listed on IDEAS

    as
    1. Kwantes, Catherine T. & Boglarsky, Cheryl A., 2007. "Perceptions of organizational culture, leadership effectiveness and personal effectiveness across six countries," Journal of International Management, Elsevier, vol. 13(2), pages 204-230, June.
    2. Amanda Chu & Patrick Chau & Mike So, 2015. "Explaining the Misuse of Information Systems Resources in the Workplace: A Dual-Process Approach," Journal of Business Ethics, Springer, vol. 131(1), pages 209-225, September.
    3. Jaatun, Martin Gilje & Albrechtsen, Eirik & Line, Maria B. & Tøndel, Inger Anne & Longva, Odd Helge, 2009. "A framework for incident response management in the petroleum industry," International Journal of Critical Infrastructure Protection, Elsevier, vol. 2(1), pages 26-37.
    4. Simon Trang & Benedikt Brendel, 2019. "A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research," Information Systems Frontiers, Springer, vol. 21(6), pages 1265-1284, December.
    5. Sampath Kumar Venkatachary & Jagdish Prasad & Ravi Samikannu, 2017. "Economic Impacts of Cyber Security in Energy Sector: A Review," International Journal of Energy Economics and Policy, Econjournals, vol. 7(5), pages 250-262.
    6. John D'Arcy & Anat Hovav & Dennis Galletta, 2009. "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach," Information Systems Research, INFORMS, vol. 20(1), pages 79-98, March.
    7. Olatz Lopez-Fernandez & Jose Molina-Azorin, 2011. "The use of mixed methods research in the field of behavioural sciences," Quality & Quantity: International Journal of Methodology, Springer, vol. 45(6), pages 1459-1472, October.
    8. Princely Ifinedo, 2018. "Roles of Organizational Climate, Social Bonds, and Perceptions of Security Threats on IS Security Policy Compliance Intentions," Information Resources Management Journal (IRMJ), IGI Global, vol. 31(1), pages 53-82, January.
    9. Jack Shih-Chieh Hsu & Sheng-Pao Shih & Yu Wen Hung & Paul Benjamin Lowry, 2015. "The Role of Extra-Role Behaviors and Social Controls in Information Security Policy Effectiveness," Information Systems Research, INFORMS, vol. 26(2), pages 282-300, June.
    10. Karl E. Weick & Kathleen M. Sutcliffe & David Obstfeld, 2005. "Organizing and the Process of Sensemaking," Organization Science, INFORMS, vol. 16(4), pages 409-421, August.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Ebrahim A. A. Ghaleb & P. D. D. Dominic & Suliman Mohamed Fati & Amgad Muneer & Rao Faizan Ali, 2021. "The Assessment of Big Data Adoption Readiness with a Technology–Organization–Environment Framework: A Perspective towards Healthcare Employees," Sustainability, MDPI, vol. 13(15), pages 1-33, July.
    2. Zengjian Huang & Amna Shahzadi & Yaser Daanial Khan, 2022. "Unfolding the Impact of Quality 4.0 Practices on Industry 4.0 and Circular Economy Practices: A Hybrid SEM-ANN Approach," Sustainability, MDPI, vol. 14(23), pages 1-20, November.
    3. Ke Dong & Rao Faizan Ali & P. D. D. Dominic & Syed Emad Azhar Ali, 2021. "The Effect of Organizational Information Security Climate on Information Security Policy Compliance: The Mediating Effect of Social Bonding towards Healthcare Nurses," Sustainability, MDPI, vol. 13(5), pages 1-25, March.
    4. Satirenjit Kaur Johl & Md Abu Toha, 2021. "The Nexus between Proactive Eco-Innovation and Firm Financial Performance: A Circular Economy Perspective," Sustainability, MDPI, vol. 13(11), pages 1-25, June.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Kumju Hwang & Hyemi Um, 2021. "Social Controls and Bonds of Public Information Consumer on Sustainable Utilization and Provision for Computing," Sustainability, MDPI, vol. 13(9), pages 1-20, May.
    2. Debabrata Dey & Abhijeet Ghoshal & Atanu Lahiri, 2022. "Circumventing Circumvention: An Economic Analysis of the Role of Education and Enforcement," Management Science, INFORMS, vol. 68(4), pages 2914-2931, April.
    3. Jeffrey D. Wall & Prashant Palvia & John D’Arcy, 2022. "Theorizing the Behavioral Effects of Control Complementarity in Security Control Portfolios," Information Systems Frontiers, Springer, vol. 24(2), pages 637-658, April.
    4. Eunkyung Kweon & Hansol Lee & Sangmi Chai & Kyeongwon Yoo, 2021. "The Utility of Information Security Training and Education on Cybersecurity Incidents: An empirical evidence," Information Systems Frontiers, Springer, vol. 23(2), pages 361-373, April.
    5. Li, Yuanxiang John & Hoffman, Elizabeth, 2023. "Designing an incentive mechanism for information security policy compliance: An experiment," Journal of Economic Behavior & Organization, Elsevier, vol. 212(C), pages 138-159.
    6. Murilo Catussi Almeida & Adilson Carlos Yoshikuni & Rajeev Dwivedi & Cláudio Luís Carvalho Larieira, 2022. "Do Leadership Styles Influence Employee Information Systems Security Intention? A Study of the Banking Industry," Global Journal of Flexible Systems Management, Springer;Global Institute of Flexible Systems Management, vol. 23(4), pages 535-550, December.
    7. Amanda M. Y. Chu & Mike K. P. So & Ray S. W. Chung, 2018. "Applying the Randomized Response Technique in Business Ethics Research: The Misuse of Information Systems Resources in the Workplace," Journal of Business Ethics, Springer, vol. 151(1), pages 195-212, August.
    8. Amanda M. Y. Chu & Mike K. P. So, 2020. "Organizational Information Security Management for Sustainable Information Systems: An Unethical Employee Information Security Behavior Perspective," Sustainability, MDPI, vol. 12(8), pages 1-25, April.
    9. Andy C. Y. Chong & Amanda M. Y. Chu & Mike K. P. So & Ray S. W. Chung, 2019. "Asking Sensitive Questions Using the Randomized Response Approach in Public Health Research: An Empirical Study on the Factors of Illegal Waste Disposal," IJERPH, MDPI, vol. 16(6), pages 1-15, March.
    10. Carlos Martin-Rios, 2016. "Innovative management control systems in knowledge work: a middle manager perspective," Journal of Management Control: Zeitschrift für Planung und Unternehmenssteuerung, Springer, vol. 27(2), pages 181-204, May.
    11. Verena Brinks, 2016. "Situated affect and collective meaning: A community perspective on processes of value creation and commercialization in enthusiast-driven fields," Environment and Planning A, , vol. 48(6), pages 1152-1169, June.
    12. Stefan Gröschl & Patricia Gabaldón & Tobias Hahn, 2019. "The Co-evolution of Leaders’ Cognitive Complexity and Corporate Sustainability: The Case of the CEO of Puma," Journal of Business Ethics, Springer, vol. 155(3), pages 741-762, March.
    13. Elena Antonacopoulou, 2018. "Energising critique in action and in learning: The GNOSIS 4R Framework," Action Learning: Research and Practice, Taylor & Francis Journals, vol. 15(2), pages 102-125, May.
    14. Zhenjiao Chen & Yaqing Liu, 2020. "The Effects of Leadership and Reward Policy on Employees’ Electricity Saving Behaviors: An Empirical Study in China," IJERPH, MDPI, vol. 17(6), pages 1-15, March.
    15. Guiette, Alain & Vandenbempt, Koen, 2017. "Change managerialism and micro-processes of sensemaking during change implementation," Scandinavian Journal of Management, Elsevier, vol. 33(2), pages 65-81.
    16. Martina Linnenluecke & Andrew Griffiths & Peter Mumby, 2015. "Executives’ engagement with climate science and perceived need for business adaptation to climate change," Climatic Change, Springer, vol. 131(2), pages 321-333, July.
    17. Per Engelseth & Richard Glavee-Geo & Artur Janusz & Enoch Niboi, 2020. "The Emergent Nature of Networked Sustainable Procurement," Sustainability, MDPI, vol. 13(1), pages 1-18, December.
    18. Femke Hilverda & Margôt Kuttschreuter, 2018. "Online Information Sharing About Risks: The Case of Organic Food," Risk Analysis, John Wiley & Sons, vol. 38(9), pages 1904-1920, September.
    19. Jeffery S. McMullen & Dimo Dimov, 2013. "Time and the Entrepreneurial Journey: The Problems and Promise of Studying Entrepreneurship as a Process," Journal of Management Studies, Wiley Blackwell, vol. 50(8), pages 1481-1512, December.
    20. Emil Evenhuis, 2017. "Institutional change in cities and regions: a path dependency approach," Cambridge Journal of Regions, Economy and Society, Cambridge Political Economy Society, vol. 10(3), pages 509-526.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jsusta:v:12:y:2020:i:20:p:8576-:d:429201. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.