Need for information security policies compliance: a perspective in Higher Education Institutions

Abstract

Organizations profoundly rely on contemporary information systems as they store essential business and resources data. Security of these information systems is critically handled by applying both technical and behavioral controls. However, security culture in certain organizations such as Higher Education Institutions (HEI) is questionable due to the lax attitude of employees towards the institutional resources. This research intends to examine the effect of institutional governance (IG) factors security awareness programs, establishment of security policies and periodic monitoring in enhancing the protection motivation among employees. It is believed that employees motivated, through various sources of information, towards the protection of resources intend to comply with organizational Information Security Policies (ISP) documented to disseminate the roles and responsibilities of employees. The two relevant theories i.e. Protection Motivation Theory (PMT) and Theory of Planned Behavior (TPB) are integrated for this research. The effect of IG and negative experience, as external sources of information, is investigated on the integrated theories. Relevant hypotheses are formulated in the proposed hybrid research model. To pilot test the survey questionnaire, data collection was done among the employees within the HEI of Malaysia. Results were derived using IBM SPSS 23. Pilot study shows reliable measurement scales, suitable for final data collection and analysis to validate the research model.