Information security policy perceived compliance model for staff in Palestine Universities

Abstract

Information security policies play a significant role in securing university information assets. There should be clear information security policies in place to ensure effective staff compliance—policy perceptibility has a positive impact on employee adherence. The focus of the research is staff compliance intention of information security policies in Palestine universities. There is a need for empirical analysis on staff perception of information security policies compliance based on the intersection and combination of factors adopted from research on multiple information security theories that could have a direct/ indirect effect on staff compliance intention. Therefore, this study seeks to understand and explore staff compliance intention of information security policies based on how they perceive several factors such as perceived sanction from general deterrence theory, perceived rewards as extrinsic motivation, perceived coping appraisal from protection motivation theory, and, information quality, information privacy and facilitating conditions perceived factors from information reinforcement. Therefore, we propose a theoretical novel model built around the perception core model and the Palestinian context. The core model constitutes the perception factors, that is, how “perceived” factors directly affect “perceived” intention to comply. Our model is suited for the Palestinian context, as it works to understand staff compliance of information security policies based on staff perception of policy focused areas and staff security education and training awareness. To significantly implement the theoretical research model, the population of the study covers a wide area of Palestine form several universities to validate and confirm the model empirically using structural equation modelling. The study research design is an empirical, quantitative, exploratory (and descriptive), in addition to the developed research instrument incorporated to achieve the research methods and objectives specifically. The study objective was achieved by carefully reviewing the most appropriate potential approaches to the problem. The researcher sought a model that could find and explain any gaps in staff perception of information security policies and model factors. Thus, a novel model was designed, validated and tested. This study made a theoretical contribution through its novel model. The use of policy focused areas made the model incorporate elements from the Palestinian context directly. This is important, as current staff perceptions of information security policies play a significant role in studying them and discussing potential future policies. In this sense, it provides a methodological contribution. Furthermore, the use of data on security education and training awareness enabled us to provide potential solutions to existing problems more effectively. Security education and training awareness programs demonstrably enhance compliance intention and unify efforts between universities and their employees to mitigate security threats from insiders, be they intentional or unintentional. This constitutes a practical contribution.