Information Security Policy Compliance Model at Indonesian Government Institutions: A Conceptual Framework

摘要

The security breaches of confidential information have remained difficult to solve due to increased external and internal threats to organization. The internal threat is predominantly the result of poor employee behavior towards organization's information security policy. If users do not comply with information security policy, security solutions lose their efficacy. The information security policy serves as a tool to provide direction on how to manage and secure all organizational operations including critical assets, infrastructure, people, and process in organizations. A major challenge for organizations is encouraging employees to comply with information security policy. The objective of this paper is to develop a model for investigating the critical factors that influence employee compliance with information security policy based on Technology Acceptance Model (TAM). Some researchers have extended TAM to include additional factors that influence behavior. In order to develop the model, we conducted a literature review and a discussion with the information security experts from the Government and Higher Education Institutions. The factors that affect employee compliance with organization's information security policy have been identified. Through this study, we find that the TAM can be used to develop a model for investigating employee compliance with Information Security Policy by extended it with organizational and national cultures.