Authors: Aatish Chiniah; Feroz Ghannoo
Addresses: Department of Digital Technologies, University of Mauritius, Reduit, Mauritius ' UoM Trust, University of Mauritius, Reduit, Mauritius
Abstract: Many organisations recognise that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. This research identifies the antecedents of employee compliance with the information security policy (ISP) of an organisation. A survey among computer users of organisations in Mauritius which have established information security policy was carried out. A novel multi-theory model is derived from theory of reasoned action, cognitive evaluation theory and hanoo, and that model is presented to evaluate the data gathered through the survey. The results show that an employee's intention to comply is influenced by attitude, security awareness programs and rewards. Intention to comply in turn influences actual compliance to ISP.
Keywords: information security; compliance behaviour; information security policy.
International Journal of Security and Networks, 2023 Vol.18 No.1, pp.19 - 29
Received: 11 Jan 2022
Accepted: 20 Jan 2022
Published online: 03 Apr 2023 *