Information and Knowledge Management

There is over-reliance on information systems to run virtually all aspects of modern institutions. This has put more burden on information security managers to come up with more robust and efficient ways to enhance information security policy compliance. Therefore, despite existing efforts in the area of information security management, there remains a critical need for more research to be done. The existing research has also concentrated on hypothesis testing rather than a qualitative approach. So, there is an existential methodology gap that can give another alternative result that still needs to be covered. That is why we embarked on exploring the factors that influence information security compliance in organizations. The research was conducted in two universities with a diverse population. The research design was exploratory, encompassing qualitative in-depth case interviews with grounded theory as the analysis strategy. A total of 20 interviews were conducted and each analysis was done after every few batches of interviews in line with grounded theory principles. A theoretical model was generated and discussed. Implications for the research were also discussed and recommendations made. The study found individual factors, organizational factors, and external influence to be important factors in strategizing how to increase compliance with policies. The results also showed that practitioners need to factor in a combination of elements in their strategies in order to enhance compliance with information security policies.

Keywords: Information Security Policy Compliance Culture, Theoretical Model, Grounded Theory, Information systems security

DOI: 10.7176/IKM/10-5-05

Publication date:August 31^st 2020