The Formulation of Comprehensive Information Security Culture Dimensions for Information Security Policy Compliance Study

摘要

Few studies have shown there is significant relationship between Information Security Culture (ISC) and Information Security Policy (ISP) compliance behaviour. However, these findings still could not conclude the actual effect of ISC towards employees’ ISP compliance. There areissues of consistency and comprehensiveness of dimensions in representing ISC concept in all previous studies. While these dimensions are different from one study to another, there are also some ISC key factors in the ISC literature that are not being included in those studies. A comprehensiveand more cohesive ISC dimensions that could represent all the key factors of ISC concept should be formulated in order to get more conclusive findings on the relationship between ISC and ISP compliance behavior. This paper discusses the formulation process of new comprehensive ISC dimensionsto represent a holistic concept of ISC. The underlying concepts used in this formulation are based on widely accepted concepts of organizational culture and ISC conceptual model to make sure that the new formulated dimensions are supportive to all levels comprised in those concepts. Sevennew dimensions have been proposed. These dimensions cover most of the ISC key factors in literature. The formulated dimensions also supported by previous theoretical and empirical findings from various ISC-related studies. Finally, we have demonstrated that these new comprehensive dimensionscould be used to represent a holistic concept of ISC to be examined in ISP compliance behavior study.