Mathematical Modelling of Information Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory

Abstract

Information systems (IS) are essential to the sustainability of modern businesses because they frequently include vital organizational data resources (Ifinedo, 2009). Security is not limited to cryptography, secure data sharing, and privacy assurance but also refers to the protective behavior of security personnel. Access to organizational databases containing sensitive personal information and commercially important data is controlled by a highly effective authentication and authorization system (AkmarIsmail, 2013). Organizations often use a variety of tools and technical measures, such as installing firewalls, installing and updating anti-virus software, backing up systems, maintaining access controls, restricting, using encryption keys, using surge protectors, and thorough monitoring systems. In used to protect critical IS assets contained in such systems from misuse, abuse, and destruction (Larsen, 2009). However, the tools and dimensions mentioned above serve to provide a technical or technological solution to the problem and are not sufficient in providing full protection of IS organizational resources. (Rao T. H., 2009a). Researchers including (Jolton, 2005), and (Mahmood, 2007) noted that organizations can achieve greater success in securing there IS assets and resources if they focus on both technical and non-technical methods to do so. Therefore, it is incumbent on organizations to implement a multifaceted strategy to secure their IT resources and assets (Rao T. H., 2009b). Indeed, a number of studies have shown that firms that want to protect their IS resources view socio-organizational imperatives as being equally crucial (Burcu Bulgurcu, 2010). Organizational information security increasingly depends on the actions of IS professionals who are skilled in the collection, analysis, and use of data and are responsible for protecting access to user-accessible data (Julian Jang-Jaccard, 2014) (Clay Posey, 2015) . (Nader Sohrabi Safa, 2015)Reported that a primary reason for IS security lapses is the fact that IS professionals are the most vulnerable link in the security chain. These services are essential, but they pose a significant threat to your organization. For example, a study evaluating the trade-off between computer security and access concluded that employees are more likely to bypass security measures to complete their tasks (Gerald V. Post, 2007). Against this background, it is a useful approach for the organization to look at the intentions and actions of employees.