Evaluating the explanatory power of theoretical frameworks on intention to comply with information security policies in higher education

Bibliographic Details
Published in: Computers & security, Vol. 80, pp. 211-223
Main Authors: Rajab, Majed; Eydgahi, Ali
Format: Journal Article
Language: English
Published: Amsterdam, Elsevier Ltd, 01.01.2019
Elsevier Sequoia S.A
ISSN: 0167-4048, 1872-6208
DOI: 10.1016/j.cose.2018.09.016

Summary: Higher education institutions have invested heavily in their high-tech infrastructure to ensure the security and integrity of their information. Incompliance with information technology policies has been shown to lead to mass information leaks, reputational damage and potential litigation. Little research has been conducted on the subject of employees' compliance with such sensitive protocols. This paper presents a comprehensive theoretical model based on the Theory of Planned Behavior, Protection Motivation Theory, General Deterrence Theory and Organizational Theory for predicting the intentions of higher education employees to comply with information security policies (ISPs). Utilizing a survey instrument and the Structural Equation Modeling-Partial Least Squares method, this study found perceived vulnerability, response efficacy and response cost to be the most predictive indicators that are positively associated with intentions of information security compliance among university staff and faculty. However, little support was found for the General Deterrence Theory, Theory of Planned Behavior and Organizational Theory in explaining the variance of higher education staff intentions to comply with information security policies. Results indicated that the Protection Motivation Theory provides the best theoretical framework for understanding higher education employees' behavior with respect to compliance with information security. Such results confirmed earlier empirical investigations attempting to answer the basic question of why employees differ with respect to compliance with information security. Consistent with prior research, severe sanctions, close management supervision, peer pressure and attitudes towards information security do not matter as much as perceived vulnerability and response efficacy in ensuring higher levels of intention to comply with ISPs in organizations.
The study recommends that universities and colleges invest in applied information security training for their staff, as well as for the overall university community.