Abstract
This study develops a model, based on the controls in the ISO/IEC 27002 framework, that integrates the roles of technical and administrative security controls. The model provides a better understanding of how security policy can influence security compliance and the pathway through which this effect is generated. Data were collected from 223 IT security and management professionals. Using Partial Least Squares Structural Equation Modelling (PLS-SEM) and hypothesis testing, the study finds that information security policy has a significant indirect influence on information security compliance. The effect of security policy is fully mediated by security roles and responsibilities, operations security activities, and security monitoring and review activities. Security policy strongly influences operations security activities and has the greatest effect on security roles and responsibilities. Among the three mediating variables, security monitoring and reviews have the most significant influence on security compliance. Conversely, the direct impact of security policy on compliance is not significant.
Original language | English |
---|---|
Pages (from-to) | 1-16 |
Number of pages | 16 |
Journal | Journal of Information Technology Research |
Volume | 9 |
Issue number | 2 |
Publication status | Published - 1 Apr 2016 |
Externally published | Yes |
Keywords
- Compliance
- Information security management
- Information security policy
- Operations security
- Security monitoring and reviews
- Security roles and responsibilities