Are users competent to comply with information security policies? An analysis of professional competence models
Information Technology & People
ISSN: 0959-3845
Article publication date: 17 July 2018
Issue publication date: 4 September 2018
Abstract
Purpose
Information security policies (ISPs) are used by organizations to communicate rules on the use of information systems (IS). Research studies show that compliance with the ISPs is not a straightforward issue and that several factors influence individual behavior toward ISP compliance, such as security awareness or individual perception of security threats. The purpose of this paper is to investigate the competencies associated with users’ ISP compliance behavior.
Design/methodology/approach
In order to reveal the competencies that are associated with the users’ ISP compliance behavior, the authors systematically analyze the ISP compliance literature and the authors develop an ISP compliance competency model. The authors then target to explore if IS users are equipped with these competencies; to do so, the authors analyze professional competence models from various industry sectors and compare the competencies that they include with the developed ISP compliance competencies.
Findings
The authors identify the competencies associated with ISP compliance and the authors provide evidence on the lack of attention in information security responsibilities demonstrated in professional competence frameworks.
Research limitations/implications
ISP compliance research has focused on identifying the antecedents of ISP compliance behavior. The authors offer an ISP compliance competency model and guide researchers in investigating the issue further by focusing on the professional competencies that are necessary for IS users.
Practical implications
The findings offer new contributions to practitioners by highlighting the lack of attention on the information security responsibilities demonstrated in professional competence frameworks. The paper also provides implications for the design of information security awareness programs and information security management systems in organizations.
Originality/value
To the best of the authors’ knowledge, the paper is the first study that addresses ISP compliance behavior from a professional competence perspective.
Keywords
Citation
Tsohou, A. and Holtkamp, P. (2018), "Are users competent to comply with information security policies? An analysis of professional competence models", Information Technology & People, Vol. 31 No. 5, pp. 1047-1068. https://doi.org/10.1108/ITP-02-2017-0052
Publisher
:Emerald Publishing Limited
Copyright © 2018, Emerald Publishing Limited