Human Factor in Information Security Governance

Abstract

The goal of this research study is to investigate the people dimension of information security in the context of evaluating the antecedents of employees for security compliance requirements in IT organizations. newlineThe current research study proposes to examine the antecedents of employees and in fulfilling security compliance requirements and research how other factors including management actions, control effectiveness contribute towards organizational culture which in turn influences their behavior towards information security compliance. newlineTwo key theories are used as a frame of reference of this research study Theory of Planned Behaviour (TPB) from an organizational perspective in inculcating robust security culture for ensuring compliant security behavior and General Deterrence Theory (GDT) from an individual perspective to serve as a deterrent for causing any information security policy violations leading to security deviant behavior. Further, a relevant model - Selective Organizational Information Privacy and Security Violations Model (SOIPSVM) is used in this study to demonstrate relationship with one of the independent variables classified under organizational antecedents. newlineA survey of extant literature review shows there is dearth of studies in examining the relationship between the organizational information security culture and employees intent to comply. The research model proposed posits that a few independent variables like management commitment, sanctions, awareness training, subjective norms and peer behaviour influence the organizational information security culture which in turn stimulates the dependent variable - employees intent for information security compliance controlling for age, education and experience.