Information Security Culture for Guiding Employee’s Security Behaviour: A Pilot Study

摘要

Experts and scholars have suggested that cultivation of a positive Information Security Culture (ISC) could improve employee’s security behaviour in organization. However, specific ISC model for employee’s security behaviour is limited. This paper discusses a pilot study of our research-in-progress that proposes a holistic ISC model to be used as guidance for employee’s security behaviour in organization. ISC concept model developed in the study is represented by seven comprehensive dimensions formulated based on widely accepted concepts of Organizational Culture and ISC. These dimensions embody various aspects of ISC cultivation. The model was tested in a Malaysian public university. This study employed Partial Least Square Structural Equation Modelling (PLS SEM) using Smart PLS 3 software to analyze and validate the model. The findings proved that the ISC model is significant in influencing security compliance behaviour. Hence, this study contributes to ISC literature in terms of conceptualization and empirical validation of a new ISC model based on seven comprehensive dimensions in relation with ISP compliance behaviour.