SciELO - Scientific Electronic Library Online

 
vol.22 número1A review of knowledge transfer tools in knowledge-intensive organisationsModelling the intended use of Facebook privacy settings índice de autoresíndice de assuntospesquisa de artigos		Home Pagelista alfabética de periódicos  

Serviços Personalizados

Artigo

Indicadores

Links relacionados

  • Em processo de indexaçãoCitado por Google
  • Em processo de indexaçãoSimilares em Google

Compartilhar

South African Journal of Information Management

versão On-line ISSN 1560-683X
versão impressa ISSN 2078-1865

Resumo

RANTAO, Tsholofelo  e  NJENGA, Kennedy. Predicting communication constructs towards determining information security policies compliance. SAJIM (Online) [online]. 2020, vol.22, n.1, pp.1-10. ISSN 1560-683X.  http://dx.doi.org/10.4102/sajim.v22i1.1211.

BACKGROUND: Ineffective communication using inappropriate channels and poor listening skills have resulted in poor compliance with information security (InfoSec) policies. Lack of compliance with InfoSec policies minimises employee proficiency whilst also exposing organisations to business risk. OBJECTIVES: This research addresses management's concern regarding why employees do not comply with InfoSec policies and proposes that how policies are communicated is integral to compliance and that effective communication can serve to ameliorate compliance METHOD: The research adopts communication theories from knowledge management, psychology and information systems to draw on important constructs which are then tested in order to identify those that can strongly predict InfoSec policy compliance. The research was quantitative and used a survey to elicit responses from a sample of 100 employees selected from 6 organisations. RESULTS: Our findings suggest that of the 10 communication constructs used in the miscellany of perception and determinism (MPD) framework, half of these (five) constructs strongly predicated compliance, namely reasons for communication, media appropriateness, non-conflicting interpretations, feedback immediacy and personal focus. The rest of the constructs were weak predictors or could not predict compliance. CONCLUSION: The research advances InfoSec literature by adapting the MPD model as integral to the development, communication and importantly, compliance with InfoSec policies. The MPD model is pertinent as it aggregates theories of communication from a number of academic disciplines and underpinnings not considered before, thereby improving our understanding on how we communicate InfoSec policies for better compliance.

Palavras-chave : information security; policies; compliance; perception theories; determinism theories.

        · texto em Inglês     · Inglês ( pdf )

 

Creative Commons License Todo o conteúdo deste periódico, exceto onde está identificado, está licenciado sob uma Licença Creative Commons

AOSIS Publishing
Postnet Suite #110, Private Bag X19, Durbanville, Cape Town, Western Cape Province, ZA, 7551,
Tel: +27 21 975 2602