Towards modelling the impact of security policy on compliance

Winfred Yaokumah, Steven Brown, Alex Ansah Dawson

Research output: Contribution to journal, Article, peer-review

4 Citations (Scopus)

Abstract

This study develops a model, based on the controls present in the ISO/IEC 27002 framework, to integrate the role of technical and administrative security controls. The model provides a better understanding of how security policy can influence security compliance and the pathway through which this effect is generated. Data were collected from 223 IT security and management professionals. Using Partial Least Squares Structural Equation Modelling (PLS-SEM) and testing hypotheses, the study finds that information security policy has a significant indirect influence on information security compliance. The effect of security policy is fully mediated by security roles and responsibilities, operations security activities, and security monitoring and review activities. Security policy strongly influences operations security activities and has the greatest effect on security roles and responsibilities. Among the three mediating variables, monitoring and reviews has the most significant influence on security compliance. Conversely, the impact of security policy on compliance is not significant.

Original language: English
Pages (from-to): 1-16
Number of pages: 16
Journal: Journal of Information Technology Research
Volume: 9
Issue number: 2
Publication status: Published - 1 Apr 2016
Externally published: Yes

Keywords

  • Compliance
  • Information security management
  • Information security policy
  • Operations security
  • Security monitoring and reviews
  • Security roles and responsibilities
