Article Preview
TopIntroduction
Information security is one of the crucial aspects that cannot and should not be neglected in any well-meaning institution. As institutions gradually realize the importance of information systems to their business progress, the need for the security of the products has become necessary. Therefore, it can be asserted that institutions neglect security at their peril. Recent research studies have shown great concern on the importance of information systems security and its policies in an institution (Boss, Kitsch, Angermeier, Shingler, and Boss, 2009; D'Arcy and Hovav, 2009; and Posey, Roberts, Lowry, Bennett, and Courtney, 2013). Meanwhile, related research has emphasized the importance of the human and process variables in ensuring the effectiveness of information security policy. It is believed that information systems security policy is the foundation upon which every institution's security is based (Parker, 1998). On this basis, we can easily discern the importance of having a formal policy for institutions' information security. Besides, information security policy describes how institutions achieve their security objectives alongside their institutional goals (Nasir and Vajjhala, 2020).
One big problem attached to an information security breach is that even those innocent employees are liable to be affected by the damage done (Hsu, Shih, Hung, and Lowry, 2015). In other words, damage caused by a single employee can significantly impact the entire staff of the institution. This might result in low patronage, low revenue, and a bankrupting level of a business. The above statement strengthens the importance of having an information security policy, complying with it, enforcing it, and emphasizing the penalties for its breach. However, many institutions have been implementing security measures for many years, yet they have not minimized or possibly done away with their security challenge (Al-Awadi, 2009). They are still striving hard to achieve sound information security. Thus, institutions need to devise mechanisms to fight against the ever-growing number of security breaches to their information systems. Furthermore, one of such protection mechanisms is formulating and complying with documented security policy (Doherty, Anastasaki, and Fulford, 2009). This study tends to fill this gap by using an empirical method to assess the readiness of Nigerian institutions towards the adoption and implementation of information security policy.