Information security policies’ compliance: a perspective for higher education institutions

This paper provides a systematic literature review in the information security policies’ compliance (ISPC) field, with respect to information security culture, information security awareness, and information security management exploring in various settings the research designs, methodologies, and frameworks that have evolved over the last decade. Studies conducted from 2006 to 2016 reporting results from data collected through diverse means have been explored; however, only a few studies have focused primarily on a sensitive infrastructure under risk, as is the case with higher education institutions (HEIs). This study reports that ISPC in HEIs remains scarce, as is the realization of security threats and dissemination of information security policies to end users (employees). This research makes a novel contribution to the body of knowledge as a unique study that has reviewed the influence of institutional governance in HEIs on protection motivation leading towards ISPC

Gauging the school-based acceptability of Web 2.0 collaborative tools

This article develops an insight of the factors affecting the use of social networking sites (SNSs) for mutual participation/collaboration among school stakeholders. Collaborative social networks that have a casual disregard for personal information put users at risk and afford a cybercriminal the opportunity to attack by exploiting information about the victim that is readily accessible and, with hindsight, unintended. Our research, among 380 school stakeholders, shows that students, teachers and parents are frequent users of SNSs but lack awareness of the rules and regulations, i.e. cyber safety, for SNS usage. This inability on how to deal with online hazards affects users' trust in online friends. Moreover, trust of a user in SNS is instantly influenced by the security and privacy seal provided by the SNS service provider and consequently these trust factors manipulate users' intention to use SNS for participation/collaboration among each other

Investigation of information security policy violations among oil and gas employees: A security-related stress and avoidance coping perspective

Information security is one of the most crucial considerations in digitising Oil and Gas (O&amp;G) organisations. For ensuring information security policy compliance, O&amp;G organisations enforce heavy security requirements. The purpose of this article is to assess how O&amp;G employees cope with stressful information security tasks and how security-related stress (SRS) is related to information security policy violations among O&amp;G employees in developing countries. Based on the coping theory, this article develops a theoretical framework to examine O&amp;G employees’ intention to violate information security policies. The framework is tested using a survey of 270 managers/executives from 150 Malaysian O&amp;G organisations. The results indicated that O&amp;G employees perceive security requirements as stressful to follow and adopt avoidance coping strategies that lead them to violate organisational information security policies. For practitioners, the study findings demonstrate the prevalence of technostress in O&amp;G organisations and suggest alternative mechanisms to address the stressful effects of information security requirements. This article contributes to the information system security literature by testing procrastination and psychological detachment with SRS in the context of developing countries' O&amp;G organisations’ employees and provides an understanding of how O&amp;G employees adopt avoidance coping. </jats:p

Investigation of information security policy violations among oil and gas employees: A security-related stress and avoidance coping perspective

Information security is one of the most crucial considerations in digitising Oil and Gas (O&G) organisations. For ensuring information security policy compliance, O&G organisations enforce heavy security requirements. The purpose of this article is to assess how O&G employees cope with stressful information security tasks and how security-related stress (SRS) is related to information security policy violations among O&G employees in developing countries. Based on the coping theory, this article develops a theoretical framework to examine O&G employees’ intention to violate information security policies. The framework is tested using a survey of 270 managers/executives from 150 Malaysian O&G organisations. The results indicated that O&G employees perceive security requirements as stressful to follow and adopt avoidance coping strategies that lead them to violate organisational information security policies. For practitioners, the study findings demonstrate the prevalence of technostress in O&G organisations and suggest alternative mechanisms to address the stressful effects of information security requirements. This article contributes to the information system security literature by testing procrastination and psychological detachment with SRS in the context of developing countries' O&G organisations’ employees and provides an understanding of how O&G employees adopt avoidance coping

Institutional governance and protection motivation: theoretical insights into shaping employees’ security compliance behavior in higher education institutions in the developing world

Higher education institutions (HEIs) are progressively computerized to deal with substantial academic and operational information. With the increase in enriched information systems (IS) comes the potential hazard of malicious exposure to internal and external threats. This academic sector is advancing in the implementation of technical security controls; however, behavioral influence is still a challenge in the information security domain. Information security policies (ISPs) are generally designed and developed to control employees’ working behavior, yet compliance with these documents is near to non-existent. This research paper describes an empirical test of the influence of institutional governance (IG) on protection motivation and planned behavior of employees in HEIs. Results were analyzed using structural equation modeling (SEM) techniques. Our findings confirm the significant contribution of IG in motivating protection behavior among employees of HEIs. This cultivated motivation encourages positive conduct in information security policy compliance (ISPC)