Top

Published in:

2022 | OriginalPaper | Chapter

A Conceptual Framework for Exploring the Factors Influencing Information Security Policy Compliance in Emerging Economies

Authors : Salah Kabanda, Seapei Nozimbali Mogoane

Published in: e-Infrastructure and e-Services for Developing Countries

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Information security is an important aspect of every organisation today, specifically in Sub Saharan African (SSA) countries whose economies are perceived to be a growing home ground for cyber criminals. Whilst studies on information security policies (ISP) have offered understanding as to why threat agents do not comply with ISP; this understanding comes mainly from the developed economies, thereby giving a generalised view of ISP compliance. This study identifies the factors influencing ISP compliance within emerging economies of SSA. Following a literature review synthesis of the information security terrain, the findings show that ISP compliance is influenced by three main factors of individual characteristics, organisational and environment characteristics. Further, the findings show how the lack of institutional structures that require organisation to abide to both normative and cohesive pressure; influences organisations not to seek information security legitimacy This then influences how threat agents respond to ISP compliance. The implications of these findings for practice and policy are highlighted.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Analysis of Channel Uncertainty on OFDM/FBMC DVB-T2 Simulations

next chapter Effective Contribution of Internet of Things (IoT) in Smart Agriculture: State of Art

Von Solms, R., Van Niekerk, J.: From information security to cyber security. Comput. Secur. 38, 97–102 (2013)CrossRef

Glaspie, H.W., Karwowski, W.: Human factors in information security culture: a literature review. In: Nicholson, D. (ed.) Advances in Human Factors in Cybersecurity, pp. 269–280. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-60585-2_25CrossRef

Heneke, D., Ophoff, J., Stander, A.: The threats that insiders pose to critical infrastructure–a South African perspective. In: HAISA, pp. 279–289 (2016)

Sarkar, K.R.: Assessing insider threats to information security using technical, behavioural and organisational measures. Inf. Secur. Tech. Rep. 15(3), 112–133 (2010). https://doi.org/10.1016/j.istr.2010.11.002CrossRef

Agrafiotis, I., Nurse, J.R., Buckley, O., Legg, P., Creese, S., Goldsmith, M.: Identifying attack patterns for insider threat detection. Comput. Fraud Secur. 2015(7), 9–17 (2015)CrossRef

Kshetri, N.: Cybercrime and cybersecurity in Africa. J. Glob. Inf. Technol. Manag. 22(2), 77–81 (2019)

Ben-David, Y., et al.: Computing security in the developing world: a case for multidisciplinary research. In: NSDR 2011, pp. 1–6 (2011)

Van Niekerk, B.: An analysis of cyber-incidents in South Africa. Afr. J. Inf. Commun. 20, 113–132 (2017)

Homoliak, I., Toffalini, F., Guarnizo, J., Elovici, Y., Ochoa, M.: Insight into insiders and it: a survey of insider threat taxonomies, analysis, modeling, and countermeasures. ACM Comput. Surv. (CSUR) 52(2), 1–40 (2019)CrossRef

10.

Moore, A.P., Cassidy, T.M., Theis, M.C., Bauer, D., Rousseau, D.M., Moore, S.B.: Balancing organizational incentives to counter insider threat. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 237–246. IEEE, May 2018

11.

Haidar, D., Gaber, M.M., Kovalchuk, Y.: Anythreat: an opportunistic knowledge discovery approach to insider threat detection. arXiv preprint arXiv:1812.00257 (2018)

12.

Nkosi, L., Tarwireyi, P., Adigun, M.O.: Insider threat detection model for the cloud. In: 2013 Information Security for South Africa, pp. 1–8. IEEE, August 2013

13.

Padayachee, K.: An assessment of opportunity-reducing techniques in information security: an insider threat perspective. Decis. Support Syst. 92, 47–56 (2016)CrossRef

14.

Dagada, R., Mukwevho, S.: Industrial espionage threat in corporate South Africa. In: Society of Digital Information and Wireless Communications Conference (2013)

15.

Safa, N.S., Maple, C., Watson, T., Von Solms, R.: Motivation and opportunity based model to reduce information security insider threats in organisations. J. Inf. Secur. Appl. 40, 247–257 (2018)

16.

Fagade, T., Tryfonas, T.: Malicious insider threat detection: a conceptual model. Secur. Prot. Inf. 2017, 31–44 (2017)

17.

Velez, J.A., Ewoldsen, D.R., Hanus, M.D., Song, H., Villarreal, J.A.: Social comparisons and need fulfillment: interpreting video game enjoyment in the context of leaderboards. Commun. Res. Rep. 35(5), 424–433 (2018)CrossRef

18.

Poetz, K.: Establishing socially responsible workplaces: need perceptions and institutional forces acting on MSE owners in Tanzania. Can. J. Adm. Sci./Revue Canadienne des Sciences de l’Administration 33(3), 197–212 (2016)CrossRef

19.

Li, Y., Zhang, N., Siponen, M.: Keeping secure to the end: a long-term perspective to understand employees’ consequence-delayed information security violation. Behav. Inf. Technol. 38(5), 435–453 (2019)CrossRef

20.

Santos Cesário, F., José Chambel, M., Guillén, C.: What if expatriates decide to leave? The mediation effect of the psychological contract fulfilment. Manag. Res.: J. Iberoamerican Acad. Manag. 12(2), 103–122 (2014)CrossRef

21.

Aransiola, J.O., Asindemade, S.O.: Understanding cybercrime perpetrators and the strategies they employ in Nigeria. Cyberpsychol. Behav. Soc. Netw. 14(12), 759–763 (2011)CrossRef

22.

Ojedokun, U.A., Eraye, M.C.: Socioeconomic lifestyles of the yahoo-boys: a study of perceptions of university students in Nigeria. Int. J. Cyber Criminol. 6(2), 1001 (2012)

23.

Uberti, L.J.: Can institutional reforms reduce corruption? Economic theory and patron–client politics in developing countries. Dev. Chang. 47(2), 317–345 (2016)CrossRef

24.

Pillay, S., Kluvers, R.: An institutional theory perspective on corruption: the case of a developing democracy. Finan. Accountability Manag. 30(1), 95–119 (2014)CrossRef

25.

Adesina, O.S.: Cybercrime and poverty in Nigeria. Can. Soc. Sci. 13(4), 19–29 (2017)

26.

Dheer, R.J.S.: Cross-national differences in entrepreneurial activity: role of culture and institutional factors. Small Bus. Econ. 48(4), 813–842 (2016). https://doi.org/10.1007/s11187-016-9816-8CrossRef

27.

Quarshie, H.O., Martin-Odoom, A.: Fighting cybercrime in Africa. Comput. Sci. Eng. 2(6), 98–100 (2012)CrossRef

28.

Moraski, L.: Cybercrime knows no borders. Infosecurity 8(2), 20–23 (2011)CrossRef

29.

Hewitt, B., Kruck, S.E.: Incorporating global information security and assurance in I.S. education. J. Inf. Syst. Educ. 24(1), 11–13 (2013)

30.

Rowe, D.C., Lunt, B.M., Ekstrom, J.J.: The role of cyber-security in information technology education. In: SIGTE Conference, p. 113 (2011)

31.

Calderaro, A., Craig, A.J.S.: Transnational governance of cybersecurity: policy challenges and global inequalities in cyber capacity building. Third World Q. 41(6), 917–938 (2020). https://doi.org/10.1080/01436597.2020.1729729CrossRef

32.

Futcher, L., Schroder, C., von Solms, R.: Information security education in South Africa. Inf. Manag. Comput. Secur. 18(5), 366–374 (2010)

33.

Shafqat, N., Masood, A.: Comparative analysis of various national cyber security strategies. Int. J. Comput. Sci. Inf. Secur. 14(1), 129 (2016)

34.

Herley, C.: Why do Nigerian scammers say they are from nigeria?. In: WEIS, June 2012

35.

Moody, G.D., Siponen, M., Pahnila, S.: Toward a unified model of information security policy compliance. MIS Q. 42(1), 285–311 (2018)CrossRef

36.

Khan, H.U., AlShare, K.A.: Violators versus non-violators of information security measures in organizations—a study of distinguishing factors. J. Organ. Comput. Electron. Commer. 29(1), 4–23 (2019)CrossRef

37.

Bauer, S., Bernroider, E.W.: From information security awareness to reasoned compliant action: analyzing information security policy compliance in a large banking organization. ACM SIGMIS Database: DATABASE Adv. Inf. Syst. 48(3), 44–68 (2017)CrossRef

38.

Hsiao, C.H., Chang, J.J., Tang, K.Y.: Exploring the influential factors in continuance usage of mobile social apps: satisfaction, habit, and customer value perspectives. Telemat. Inform. 33(2), 342–355 (2016)CrossRef

39.

Siponen, M., Pahnila, S., Mahmood, A.: Employees’ adherence to information security policies: an empirical study. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., Solms, R. (eds.) SEC 2007. IIFIP, vol. 232, pp. 133–144. Springer, Boston (2007). https://doi.org/10.1007/978-0-387-72367-9_12CrossRef

40.

Narain Singh, A., Gupta, M.P., Ojha, A.: Identifying factors of “organizational information security management.” J. Enterp. Inf. Manag. 27(5), 644–667 (2014)CrossRef

41.

AlKalbani, A., Deng, H., Kam, B.: Organisational security culture and information security compliance for E-government development: the moderating effect of social pressure. In: PACIS, p. 65, July 2015

42.

Guhr, N., Lebek, B., Breitner, M.H.: The impact of leadership on employees’ intended information security behaviour: an examination of the full-range leadership theory. Inf. Syst. J. 29(2), 340–362 (2019)CrossRef

43.

Rodrigues, A.D.O., Ferreira, M.C.: The impact of transactional and transformational leadership style on organizational citizenship behaviors. Psico-USF 20(3), 493–504 (2015)CrossRef

44.

Flores, W.R., Ekstedt, M.: Shaping intention to resist social engineering through transformational leadership, information security culture and awareness. Comput. Secur. 59, 26–44 (2016)CrossRef

45.

Pathania, A., Rasool, G.: Investigating power styles and behavioural compliance for effective hospital administration: an application of AHP. Int. J. Health Care Qual. Assur. 32(6), 958–977 (2019)

46.

Okeke, V.I.: Leadership Style and SMEs Sustainability in Nigeria: A Multiple Case Study (2019)

47.

Dzomonda, O., Fatoki, O., Oni, O.: The impact of leadership styles on the entrepreneurial orientation of small and medium enterprises in South Africa. J. Econ. Behav. Stud. 9(2(J)), 104–113 (2017)

48.

Lebek, B., Uffen, J., Neumann, M., Hohler, B., Breitner, M.H.: Information security awareness and behavior: a theory-based literature review. Manag. Res. Rev. 37(12), 1049–1092 (2014). https://doi.org/10.1108/MRR-04-2013-0085CrossRef

49.

Safa, N.S., Von Solms, R., Furnell, S.: Information security policy compliance model in organizations. Comput. Secur. 56, 70–82 (2016)CrossRef

50.

Al-Omari, A., El-Gayar, O., Deokar, A.: Information security policy compliance: the role of information security awareness (2012)

51.

Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Q. 34(3), 523–548 (2010)CrossRef

52.

Cheng, L., Li, Y., Li, W., Holm, E., Zhai, Q.: Understanding the violation of IS security policy in organizations: an integrated model based on social control and deterrence theory. Comput. Secur. 39, 447–459 (2013)CrossRef

53.

Lee, J.K.: Research framework for AIS grand vision of the bright ICT initiative. MIS Q. 39(2), iii–xii (2015)

54.

Dojkovski, S., Lichtenstein, S., Warren, M.: Enabling information security culture: influences and challenges for Australian SMEs. In: Proceedings of the 21st Australasian Conference on Information Systems, ACIS 2010, January 2010

55.

Ng, Z.X., Ahmad, A., Maynard, S.B.: Information security management: factors that influence security investments in SMES. In: Australian Information Security Management Conference. Edith Cowan University, Perth, Western Australia, 2nd–4th December 2013 (2013)

56.

Flowerday, S.V., Tuyikeze, T.: Information security policy development and implementation: the what, how and who. Comput. Secur. 61, 169–183 (2016)CrossRef

57.

Kamariza, Y.: Implementation of information security policies in public organizations: top management as a success factor. Dissertation, pp. 13–37 (2017)

58.

Tang, M., Li, M., Zhang, T.: The impacts of organizational culture on information security culture: a case study. Inf. Technol. Manag. 17(2), 179–186 (2015). https://doi.org/10.1007/s10799-015-0252-2CrossRef

59.

Da Veiga, A., Martins, N.: Improving the information security culture through monitoring and implementation actions illustrated through a case study. Comput. Secur. 49, 162–176 (2015)CrossRef

60.

Chaturvedi, M., Narain Singh, A., Prasad Gupta, M., Bhattacharya, J.: Analyses of issues of information security in Indian context. Transforming Gov.: People Process Policy 8(3), 374–397 (2014)CrossRef

61.

Cavusoglu, H., Cavusoglu, H., Son, J.Y., Benbasat, I.: Institutional pressures in security management: direct and indirect influences on organizational investment in information security control resources. Inf. Manag. 52(4), 385–400 (2015)CrossRef

62.

De Lange, J., Von Solms, R., Gerber, M.: Better information security management in municipalities. In: 2015 IST-Africa Conference, pp. 1–10. IEEE, May 2015

63.

Cassim, F.: Addressing the growing spectre of cyber crime in Africa: evaluating measures adopted by South Africa and other regional role players. Comp. Int. Law J. Southern Afr. 44, 123–138 (2011)

64.

Wilson, J.: Scamming the scammers with their own tricks. Comput. Fraud Secur. 2018(9), 14–16 (2018)CrossRef

65.

Leukfeldt, E.R.: Organised cybercrime and social opportunity structures. A proposal for future research directions. Eur. Rev. Organ. Crime 2(2), 91–103 (2015)

Title: A Conceptual Framework for Exploring the Factors Influencing Information Security Policy Compliance in Emerging Economies
Authors: Salah Kabanda
Seapei Nozimbali Mogoane
Publisher: Springer International Publishing
Book: e-Infrastructure and e-Services for Developing Countries
Print ISBN: 978-3-031-06373-2

Electronic ISBN: 978-3-031-06374-9

Copyright Year: 2022
DOI: https://doi.org/10.1007/978-3-031-06374-9_13

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner