Purpose
This paper aims to establish that employees’ non-compliance with information security policy (ISP) could be addressed by nurturing ISP compliance culture through the promotion of factors such as supportive organizational culture, end-user involvement and compliance leadership to influence employees’ attitudes and behaviour intentions towards ISP in organizations. This paper also aims to develop a testable research model that might be useful for future researchers in predicting employees’ behavioural intentions.
Design/methodology/approach
In view of the study’s aim, a research model to show how three key constructs can influence the attitudes and behaviours of employees towards the establishment of security policy compliance culture (ISPCC) was developed and validated in an empirical field survey.
Findings
The study found that factors such as supportive organizational culture and end-user involvement significantly influenced employees’ attitudes towards compliance with ISP. However, leadership showed the weakest influence on attitudes towards compliance. The overall results showed that employees’ attitudes and behavioural intentions towards ISP compliance together influenced the establishment of ISPCC for ISP compliance in organizations.
Practical implications
Organizations should influence employees’ attitudes towards compliance with ISP by providing effective ISP leadership, encouraging end-user involvement during the draft and update of ISP and nurturing a culture that is conducive for ISP compliance.
Originality/value
The study provides some insights on how to effectively address the problem of non-compliance with ISP in organizations through the establishment of ISPCC, which has not been considered in any past research.
Purpose
This paper aims to examine the individual and combined effects of organisational and behavioural factors on employees’ attitudes and intentions to establish an information security policy compliance culture (ISPCC) in organisations.
Design/methodology/approach
Based on factors derived from the organisational culture theory, social bond theory and accountability theory, a testable research model was developed and evaluated in an online survey that involves the use of a questionnaire to collect quantitative data from 313 employees, from ten different organisations in Ghana. The data collected were analysed using the partial least squares-structural equation modelling approach, involving the measurement and structural model tests.
Findings
The study reveals that the individual measures of accountability – identifiability (2.4%), expectations of evaluation (38.8%), awareness of monitoring (55.7%) and social presence (−41.2%) – had weak to moderate effects on employees’ attitudes towards information security policy compliance. However, the combined effect showed a significant influence. In addition, organisational factors – supportive organisational culture (15%), security compliance leadership (2%) and user involvement (63%) – showed positive effects on employees’ attitudes. Further, employees’ attitudes had a substantial influence (65%), while behavioural intentions demonstrated a weak effect (24%) on the establishment of an ISPCC in the organisation. The combined effect also had a substantial statistical influence on the establishment of an ISPCC in the organisation.
Practical implications
Given the findings of the study, information security practitioners should implement organisational and behavioural factors that will have an impact on compliance, in tandem, with the organisational effort to build a culture of compliance for information security policies.
Originality/value
The study provides new insights on how to address the problem of non-compliance with regard to the information security policy in organisations through the combined application of organisational and behavioural factors to establish an information security policy compliance culture, which has not been considered in any past research.
This paper investigates the determinants that will influence students’ acceptance of the electronic learning (e-learning) system of education after the COVID-19 emergency. Specifically, the paper assesses the attitudes and intentions of students in second-cycle institutions to accept e-learning after the pandemic, using constructs derived from the health belief model and technology acceptance model. Also, we test if there is any significant difference in the attitudes and intentions of students in public and private institutions. Using data collected from 370 students in upper and lower levels of a second-cycle institutions in Ghana, we found that student attitude is significantly influenced by perceived usefulness and moderately affected by perceived severity, whereas, student’s intention is moderately affected by the perceived severity but substantially influenced by the student’s attitude towards usage. Also, the results revealed that students’ attitudes and intentions to use e-learning are moderately affected by the severity of the ongoing COVID-19 pandemic. Finally, there were no significant differences in the attitudes and intentions of the sampled students in public and private second-cycle institutions in Ghana, regarding their acceptance and usage of e-learning after the COVID-19 emergency. Given the study’s findings, the paper concludes that students’ attitudes and intention to use e-learning are the main determinants that will influence the students’ acceptance of the e-learning system of education in second-cycle institutions in Ghana after the COVID-19 emergency. The paper contributes to knowledge by providing evidence of students’ acceptance of the e-learning system of education after the COVID-19 emergency in the context of a developing country like Ghana.
Today, the internet extensively impacts people's lives through improved communications, interactions, and the exchange of information. Despite all these positive effects, it also causes in significant negative issues. Over the recent years, cases of online fraud, cyber-bullying, racial abuse, gambling, and pornography have increased due to the lack of self-control and overall awareness among internet users. Therefore, there is a need to create awareness and training on cybersecurity in schools to protect students from cyber-bullying, online fraud, and being targets of prejudice. Research reveals that the level of self-control and awareness among internet users is still moderate and low. To ensure cybersecurity awareness and knowledge among internet users, young people need to get educated on how to operate safely in cyberspace. This education will guarantee that they understand how to protect themselves from cybercrimes. To this extent, this research paper will explore the essence of cybersecurity education in schools and provide strategies that educators can utilize to promote cybersecurity education across learning institutions. This paper will thus conclude how cybersecurity training can be implemented in a learning institution.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.