Research Article

Information Security Policy Compliance: A Broad-based Literature Review and a Theoretical Framework

by Erick O. Otieno, Andrew M. Kahonge, Agnes N. Wausi
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 181 - Number 47
Year of Publication: 2019
Authors: Erick O. Otieno, Andrew M. Kahonge, Agnes N. Wausi
10.5120/ijca2019918519

Erick O. Otieno, Andrew M. Kahonge, Agnes N. Wausi . Information Security Policy Compliance: A Broad-based Literature Review and a Theoretical Framework. International Journal of Computer Applications. 181, 47 ( Apr 2019), 8-13. DOI=10.5120/ijca2019918519

@article{ 10.5120/ijca2019918519,
author = { Erick O. Otieno, Andrew M. Kahonge, Agnes N. Wausi },
title = { Information Security Policy Compliance: A Broad-based Literature Review and a Theoretical Framework },
journal = { International Journal of Computer Applications },
issue_date = { Apr 2019 },
volume = { 181 },
number = { 47 },
month = { Apr },
year = { 2019 },
issn = { 0975-8887 },
pages = { 8-13 },
numpages = {6},
url = { https://ijcaonline.org/archives/volume181/number47/30467-2019918519/ },
doi = { 10.5120/ijca2019918519 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%A Erick O. Otieno
%A Andrew M. Kahonge
%A Agnes N. Wausi
%T Information Security Policy Compliance: A Broad-based Literature Review and a Theoretical Framework
%J International Journal of Computer Applications
%@ 0975-8887
%V 181
%N 47
%P 8-13
%D 2019
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Despite a plethora of studies in the field of information security and a vast pool of measures to mitigate insider threats, risks still exist, especially in the challenging environment information security practitioners face because of noncompliance with information security policies. Employee noncompliance is made even worse because third parties contracted by an organization cannot guarantee that, while their staff handle the contracting organization's information assets, the third party's own information security managers will enforce information security policy compliance on their side. A solution that helps information security managers handle these "phantom insiders" in the same way they mitigate internal insiders would therefore be ideal. This review steps into this gap, surveys what has been covered and what still needs to be done, and then proposes a framework for future researchers alongside recommendations for practitioners. We add a dimension to the meaning of insider threat, broadening its scope to include the employees and stakeholders of third-party entities. Grounding our analysis in the extant information security policy compliance literature spanning 15 years, we define four thematic areas that can inform future research. We finally propose a framework that can serve as a foundation for future information security policy compliance research and practice.

References
  1. R. F. Trzeciak, "SEI Cyber Minute: Insider Threats," 2017.
  2. PwC, "Global Economic Crime Survey 2016: US Results," 2017.
  3. M. L. Collins, M. C. Theis, R. F. Trzeciak, J. R. Strozer, J. W. Clark, D. L. Costa, T. Cassidy, M. J. Albrethsen and A. P. Moore, "Common sense guide to prevention and detection of insider threats 5th edition," CERT, Software Engineering Institute, Carnegie Mellon University, 2016.
  4. McAfee, "Cloud Adoption and Risk Report," 2019.
  5. B. Lebek, J. Uffen, M. Neumann, B. Hohler and M. H. Breitner, "Information security awareness and behavior: a theory-based literature review," Management Research Review, vol. 37, no. 12, pp. 1049-1092, 2014.
  6. P. Balozian and D. Leidner, "Review of IS Security Policy Compliance: Toward the Building Blocks of an IS Security Theory," The DATA BASE for Advances in Information Systems, vol. 48, no. 3, pp. 11-43, 2017.
  7. W. A. Cram, J. G. Proudfoot and J. D'Arcy, "Organizational information security policies: a review and research framework," European Journal of Information Systems, vol. 26, no. 6, pp. 605-641, 2017.
  8. M. J. Alhanahnah, A. Jhumka and S. Alouneh, "A Multidimension Taxonomy of Insider Threats in Cloud Computing," The Computer Journal, vol. 59, no. 11, pp. 1612-1622, 2016.
  9. J. Webster and R. T. Watson, "Analyzing the Past to Prepare for the Future: Writing a Literature Review," MIS Quarterly, vol. 26, no. 2, pp. xiii-xxiii, 2002.
  10. F. Rowe, "What literature review is not: diversity, boundaries and recommendations," European Journal of Information Systems, vol. 23, no. 3, pp. 241-255, 2014.
  11. G. Pare, M. Trudel, M. Jaana and S. Kitsiou, "Synthesizing Information Systems Knowledge: A Typology of Literature Reviews," Information & Management, vol. 52, no. 2, pp. 183-199, 2015.
  12. A. Harzing, "Journal Quality List," 29 July 2018. [Online]. Available: https://harzing.com/resources/journal-quality-list. [Accessed January 2019].
  13. P. P. Mykytyn, JR. and D. A. Harrison, "The Application of the Theory of Reasoned Action to Senior Management and Strategic Information Systems," Information Resources Management Journal, vol. 6, no. 2, pp. 15-26, 1993.
  14. S. Pahnila, M. Siponen and A. Mahmood, "Employees' Behavior towards IS Security Policy Compliance," in Proceedings of the 40th Hawaii International Conference on System Sciences (HICSS 2007), 2007.
  15. B. Bulgurcu, H. Cavusoglu and I. Benbasat, "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness," MIS Quarterly, vol. 34, no. 3, pp. 523-548, 2010.
  16. G. Vaidyanathan and N. Berhanu, "Impact of Security Countermeasures in Organizational Information Convergence: A Theoretical Model," Issues in Information Systems, vol. 13, no. 2, pp. 21-25, 2012.
  17. A. D. Veiga, "The Influence of Information Security Policies on Information Security Culture: Illustrated through a Case Study," Proceedings of the Ninth International Symposium on Human Aspects of Information Security & Assurance (HAISA 2015), p. 22, 2015.
  18. T. Herath and R. H. Rao, "Protection motivation and deterrence: a framework for security policy compliance in organisations," European Journal of Information Systems, vol. 18, no. 2, pp. 106-125, 2009.
  19. A. AlKalbani, H. Deng and B. Kam, "Investigating the Role of Socio-organizational Factors in the Information Security Compliance in Organizations," in Australasian Conference on Information Systems, Adelaide, Australia, 2015.
  20. A. AlKalbani, H. Deng, B. Kam and X. Zhang, "Investigating the Impact of Institutional Pressures on Information Security Compliance in Organizations," in Australasian Conference on Information Systems, Wollongong, Australia, 2016.
Index Terms

Computer Science
Information Sciences

Keywords

Information Security Policy Compliance; Theoretical Concept; Insider Threats; Insiders in Cloud Computing