Show simple item record

dc.contributor.authorAlotaibi, M
dc.contributor.authorFurnell, SM
dc.contributor.authorClarke, N
dc.date.accessioned2018-11-12T08:18:01Z
dc.date.issued2019-03-11
dc.identifier.issn2056-4961
dc.identifier.issn2056-497X
dc.identifier.urihttp://hdl.handle.net/10026.1/12765
dc.description.abstract

<jats:sec> <jats:title content-type="abstract-subheading">Purpose</jats:title> <jats:p>It is widely acknowledged that non-compliance of employees with information security polices is one of the major challenges facing organisations. This paper aims to propose a model that is intended to provide a comprehensive framework for raising the level of compliance amongst end-users, with the aim of monitoring, measuring and responding to users’ behaviour with an information security policy.</jats:p> </jats:sec> <jats:sec> <jats:title content-type="abstract-subheading">Design/methodology/approach</jats:title> <jats:p>The proposed model is based on two main concepts: a taxonomy of the response strategy to non-compliant behaviour and a compliance points system. The response taxonomy comprises two categories: awareness raising and enforcement of the security policy. The compliance points system is used to reward compliant behaviour and penalise non-compliant behaviour.</jats:p> </jats:sec> <jats:sec> <jats:title content-type="abstract-subheading">Findings</jats:title> <jats:p>A prototype system has been developed to simulate the proposed model and work as a real system that responds to the behaviour of users (reflecting both violations and compliance behaviour). In addition, the model has been evaluated by interviewing experts from academic and industry. They considered the proposed model to offers a novel approach for managing end users’ behaviour with the information security policies.</jats:p> </jats:sec> <jats:sec> <jats:title content-type="abstract-subheading">Research limitations/implications</jats:title> <jats:p>Psychological factors were out of the research scope at this stage. The proposed model may have some psychological impacts upon users; therefore, this issue needs to be considered by studying the potential impacts and the best solutions.</jats:p> </jats:sec> <jats:sec> <jats:title content-type="abstract-subheading">Originality/value</jats:title> <jats:p>Users being compliant with the information security policies of their organisation is the key to strengthen information security. Therefore, when employees have a good level of compliance with security policies, this positively affects the overall security of an organisation.</jats:p> </jats:sec>

dc.format.extent2-25
dc.languageen
dc.language.isoen
dc.publisherEmerald
dc.subjectInformation security management
dc.subjectHuman factors
dc.subjectUser behaviour
dc.subjectCompliance management
dc.subjectInformation security policy
dc.titleA Framework for Reporting and Dealing with End-User Security Policy Compliance
dc.typejournal-article
dc.typeArticle
plymouth.issue1
plymouth.volume27
plymouth.publication-statusPublished
plymouth.journalInformation and Computer Security
dc.identifier.doi10.1108/ICS-12-2017-0097
plymouth.organisational-group/Plymouth
plymouth.organisational-group/Plymouth/Faculty of Science and Engineering
plymouth.organisational-group/Plymouth/Faculty of Science and Engineering/School of Engineering, Computing and Mathematics
plymouth.organisational-group/Plymouth/REF 2021 Researchers by UoA
plymouth.organisational-group/Plymouth/REF 2021 Researchers by UoA/UoA11 Computer Science and Informatics
plymouth.organisational-group/Plymouth/Users by role
plymouth.organisational-group/Plymouth/Users by role/Academics
dcterms.dateAccepted2018-09-18
dc.rights.embargodate2019-4-10
dc.identifier.eissn2056-497X
dc.rights.embargoperiodNot known
rioxxterms.versionofrecord10.1108/ICS-12-2017-0097
rioxxterms.licenseref.urihttp://www.rioxx.net/licenses/all-rights-reserved
rioxxterms.licenseref.startdate2019-03-11
rioxxterms.typeJournal Article/Review


Files in this item

Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record


All items in PEARL are protected by copyright law.
Author manuscripts deposited to comply with open access mandates are made available in accordance with publisher policies. Please cite only the published version using the details provided on the item record or document. In the absence of an open licence (e.g. Creative Commons), permissions for further reuse of content should be sought from the publisher or author.
Theme by 
Atmire NV