Abstract
According to a review of the literature, many employees are unaware of information security policies or choose to disregard them, which can lead to non-compliance. Non-compliance with the intended policy results from a failure to understand the complicated relationships in the design and implementation of information security rules. This paper assesses the gaps in information security policy compliance. It aims to determine whether there are any gaps in the compliance and awareness of employees in the company. In this study, a questionnaire was used to provide an understanding of compliance within the organization. The questions were carefully selected to cover several factors of the subject areas. The outcome of the questionnaire is important for assessing any hypothetical non-compliance among employees and for specifying who is more responsible, the management or the employee. The results show that many employees are unaware that they are disregarding information security policies, which can lead to security breaches. They also show that employees are often unaware of information security policies and may not understand the importance of compliance. The paper concludes with recommendations for improving employee awareness of, and compliance with, information security policies.
General Terms: Information security policy Awareness and Compliance