Abstract
The surge in information security breaches in higher learning institutions has prompted researchers to identify factors that need to be considered to ensure compliance with information systems security controls in place. This chapter investigated factors that influence compliance with information systems security by adopting a conceptual framework that combines the protection motivation theory (PMT) and the skills theory as the guiding framework. Data was collected from a convenient sample size of 85 respondents from a higher learning institution in South Africa. Data analysis was carried out using the partial least square structural equation modelling (PLS-SEM) with the aid of SMARTPLS 3.2.9 software. The results revealed that perceived vulnerability, perceived severity, perceived rewards, response efficacy, response costs, and awareness explained 42.2% of the variance in compliance with information systems security controls. Thus, this study suggests that practitioners need to ensure that students recognise information systems security threats of their universities.
TopIntroduction And Background
Irrespective of an organisation’s information security policies and guidelines that are in place in an organisation, security threats and breaches are still a significant concern (Ahlan, Lubis, and Lubis, 2015). There has been an increase in Information systems security breaches in institutions of higher learning globally (Bulgurcu, Cavusoglu, and Benbasat, 2017), and South Africa is not immune to this trend. Compliance with information systems controls is one of the keys to safeguarding information and information systems infrastructure. A study conducted in the United States indicated that about 75% of higher education institutions are susceptible to information systems security breaches (Ahlan et al., 2015). Bulgurcu, Cavusoglu, and Benbasat (2017) argue that information systems security policies and procedures are not sufficient to guarantee user compliance. Doherty and Tajuddin (2016) say that the human element is the weakest link towards an organisation security compliance. Thus, organisations and institutions should also consider the human factor in information systems security by devising training and awareness programs to stimulate intuitive compliance to information security controls.
There is also a need to understand factors that motivate users to comply with information systems' security measures. Understanding factors that influence compliance with information systems security help devise appropriate strategies to induce intuitive compliance, thus minimising security threats related to human negligence. Hence, this research aimed at examining the factors that contribute to compliance with information systems controls within an institution of higher learning. The specific objectives were:
- 1.
To identify the factors that influence student’s compliance with information systems security controls.
- 2.
To determine the extent to which these factors contribute to compliance with information systems security controls.
Justification
There has been an increase in Information systems security breaches in institutions of higher learning globally, and South Africa is not immune to this trend. Compliance with information systems controls is one of the keys to safeguarding information and information systems infrastructure. Humans remain the weakest link within the information systems security spectrum as they tend to breach institutions' security controls intentionally or unintentionally in place policies. Hence, this research will identify determinants and challenges that contribute to students' compliance with information systems controls within an institution of higher learning. The findings could develop awareness programs to increase students' compliance with information security controls. Furthermore, the results could also be used to devise strategies to counter the challenges that impede students' compliance with information systems security controls.
Literature Review
Organisations such as institutions of higher learning rely on information systems to manage their information and data resources. Securing these information systems has become essential for these institutions. Managing information systems security entails putting in place both technical and behaviour controls (Sadaf Hina & Dominic, 2017). The users (mainly students in these universities) of the information systems constitute the main subjects of these controls. Their compliance with information systems security has been a concern amongst researchers (Sadaf Hina & Dominic, 2017; Reddy & Rao, 2016; Zhang & Wang, 2016).
Key Terms in this Chapter
Compliance: Conforming to a rule, such as a specification, policy, standard or law. In this study, it means students and staff conforming to the standards of the university in terms of Information, software, data use for their work.
Confidentiality: Assurance that information is not disclosed to unauthorized individuals, processes, or devices.
Theory: A system of statements targeted at describing, explaining, and predicting real-world phenomena. A scientific theory is a system composed of two core constituents: (1) factors and (2) hypotheses.
Latent Variable: They are variables that are not directly observed but are rather inferred (through a mathematical model) from other variables that are observed (directly measured).
Model: A system of statements targeted at describing, explaining, and predicting real-world phenomena. A scientific model is a system composed of two core constituents that have been tested and validated: (1) factors and (2) hypotheses.
African Union: A continental union consisting of fifty-four countries in Africa.