International Journal of Information Technology & Computer Science ( IJITCS )
Implementation of information system provides many benefits to the organization. However, issues of information system security should be seriously considered because organization’s data are confidential and need to be protected as it might be exposed to unauthorized users. Employees’ behavior is already known as one of information security issues because people are sometime careless and do not want to comply with information security policies due to time consuming and inconvenience to practice recommended information security behavior. Thus, this study was carried out with aim to explore and develop a conceptual framework that can be used to investigate the constructs that influence employees’ behavior to comply with information security policies. In finding the research gap, this study reviewed existing literatures related to this field extensively. Employee’s behavior toward information security is important because they are users of information system that give an impact to the effectiveness of information system security. Therefore, employees’ behavior should be seriously considered as a substantial issue in information security.
: Management support; Information security; Employees’ Behavior; Information system security effectiveness
- I. Princely, "Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory," Computers & Security, vol. 31, pp. 83-95, 2012.
- T. Herath and H. R. Rao, "Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness," Decision Support Systems, vol. 47, pp. 154-165, 2009.
- A. Da Veiga and J. H. P. Eloff, "A framework and assessment instrument for information security culture," Computers & Security, vol. 29, pp. 196-207, 2010.
- J. W. Brady, "Securing Health Care: Assessing Factors That Affect HIPAA Security Compliance in Academic Medical Centers," in System Sciences (HICSS), 2011 44th Hawaii International Conference on, 2011, pp. 1-10.
- M. Fishbein and I. Ajzen, Belief, attitude, intention, and behavior: An introduction to theory and research: Addison-Wesley, 1975.
- A. Kankanhalli*, et al., "An integrative study of information systems security effectiveness," International Journal of Information Management, vol. 23, pp. 139-154, 2003.
- S. Kaushal, "Effect of leadership and organizational culture on information technology effectiveness: A review," in Research and Innovation in Information Systems (ICRIIS), 2011 International Conference on, 2011, pp. 1-5.
- J. M. Burns, "Leadership," in New York: Harper and Row, ed, 1978.
- M.-C. Lo, et al., "Does transformational leadership style foster commitment to change? The case of higher education in Malaysia," Social and Behavioral Science, vol. 2, pp. 5384-5388, 2010.
- B. M. Bass, "Leadership and performance beyond expectation.," in The Free Press, ed. New York, 1985.
- I. Koskosas, et al., "Examining the linkage between information security and end-user trust," International Journal of Computer Science & Information Security, vol. 9, pp. 21-31, 2011.
- D. W. Straub, "Effective IS security: An empirical study," Information Systems Research, vol. 1, pp. 255-276, 1990.
- K. J. Knapp, et al., "Information security policy: An organizational-level process model," Computers & Security, vol. 28, pp. 493-508, 2009.
- H. A. Kruger and W. D. Kearney, "A prototype for assessing information security awareness," Computers & Security, vol. 25, pp. 289-296, 2006.
- R. S. Shaw, et al., "The impact of information richness on information security awareness training effectiveness," Computer & Education, vol. 52, pp. 92-100, 2009.
- M. Siponen, et al., "Compliance with Information Security Policies: An Empirical Investigation," Computer, vol. 43, pp. 64-71, 2010.
- W. Al-Salihy, et al., "Effectiveness of information systems security in IT organizations in Malaysia," in Communications, 2003. APCC 2003. The 9th Asia-Pacific Conference on, 2003, pp. 716-720 Vol.2.
- M. Chan, et al., "Perceptions of information security in the workplace: linking information security climate to compliant behavior," Journal of Information Privacy and Security, vol. 1, 2005.
- S. Moller, et al., "Modeling the behavior of users who are confronted with security mechanisms," Computer & Security, vol. 30, pp. 242-256, 2011.
- H.-S. Rhee, et al., "Self-efficacy in information security: Its influence on end users' information security practice behavior," Computers & Security, vol. 28, pp. 816-826, 2009.