Author:
Al-Mukahal Hasan M.,Alshare Khaled
Abstract
Purpose
– This paper aims to investigate factors that impact the number of information security policy violations in Qatari organizations and to examine the moderating effect of Hofstede’s cultural dimensions on the relationships between the independent factors and the number of information security policy violations.
Design/methodology/approach
– Grounded in related theories from the fields of criminology, behavioral psychology and theory of planned behavior, two components that affect the number of information security policy violations were identified. A quantitative approach was used by developing a questionnaire survey to collect the data. The research model was tested using 234 employees from different Qatari organizations.
Findings
– The results of the study indicate that trust, the impact of implementing information security policy on work environment and the clarity of the scope of the information security policy were significant factors in predicting the number of information security policy violations. The findings also reveal that cultural dimensions such as uncertainty avoidance and collectivism moderate the relationships between trust, clarity of policy scope and impact of information security policy on work environment and the number information security policy violations.
Research limitations/implications
– The generalizability of the results is limited because the sample of the study was drawn from only one developing country. Therefore, a plausible future research could be testing the proposed model in many developing and developed countries.
Practical implications
– The paper includes practical implications for developing and implementing security measures and policies in diversified work environments.
Originality/value
– This study fulfils a gap in investigating the factors that influence the number of information security policy violations and the moderating effect of cultural dimensions in developing countries such as Qatar.
Subject
Management of Technology and Innovation,Information Systems and Management,Computer Networks and Communications,Information Systems,Software,Management Information Systems
Reference32 articles.
1. Ajzen, I.
(1991), “The theory of planned behavior”,
Organizational Behavior and Human Decision Processes
, Vol. 50 No. 2, pp. 179-211.
2. AlgoSec
(2013), “The state of network security 2013: attitudes and opinions”, AlgoSec, available at: www.algosec.com/resources/files/Specials/Survey%20files/State%20of%20Network%20Security%202013_Final%20Report.pdf (accessed 10 May 2014).
3. Al-Share, K.
and
Lane, P.
(2008), “A conceptual model for explaining violations of the information security policy (ISP): a cross cultural perspective”, AMCIS 2008 Proceedings, Toronto, ON, 14-17 August.
4. Asai, T.
and
Hakizabera, A.U.
(2010), “Empirical analysis of human-related problems of information security in cross-cultural environments (East African Community)”,
Information Management and Computer Security
, Vol. 18 No. 5, pp. 328-338.
5. Asai, T.
and
Hakizabera, A.U.
(2011), “Human-related problems in information security in Thai Cross-Cultural Environments”,
Contemporary Management Research
, Vol. 7 No. 2, pp. 117-142.
Cited by
14 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献