Information security policies: investigation of compliance in universities

Abstract

Information security awareness (ISA) is signified as a state of consciousness and acquaintance about the potential security issues/breaches and is found to have an association with security policies compliance in organizations. Many information security incidents occur due to the negligence and unintentional behavior of internal employees resulting in a serious internal threat to the safety of organizational assets. The compliance with security rules and regulations significantly depends upon the realization of threat and skills to cope with the situations. Universities in Malaysia are operating in either public or private domain; comprise of International and National students and employees. These universities accommodate ample amount of confidential personal and educational information of international and national students, faculty and staff. This paper intends to identify the provision of policies and acquaintance of universities employees on information security policies (ISP) defined by their institution. A quantitative study has been conducted in public and private universities of Malaysia to identify employees' perceptions towards their acquaintance of ISPs. Results indicate that end users of information security policies understand the importance of awareness and compliance with institutional policies.