Litcius/Paper detail

Organizational Governance, Social Bonds and Information Security Policy Compliance: A Perspective towards Oil and Gas Employees

Rao Faizan Ali, P.D.D. Dominic, Kashif Ali

2020Sustainability30 citationsDOIOpen Access PDF

Abstract

Information security attacks on oil and gas (O&G) organizations have increased since the last decade. From 2015 to 2019, almost 70 percent of O&G organizations faced at least one significant security breach worldwide. Research has shown that 43 percent of security attacks on O&G organizations occur due to the non-compliant behavior of O&G employees towards information security policy. The existing literature provides multiple solutions for technical security controls of O&G organizations. However, there are very few studies available that address behavioral security controls, specifically for O&G organizations of developing countries. The purpose of this study is to provide a comprehensive framework for information security policy compliance (ISPC) for the O&G sector. A mixed-method approach is used to develop the research framework. Semi-structured interviews from O&G specialists refined the developed framework. Based on qualitative study a survey questionnaire was developed. To evaluate the research framework, structural equation modeling was applied to a sample of 254 managers/executives from 150 Malaysian O&G organizations. The obtained test results confirmed the proposed research model, according to which good social bonding among employees plays a critical role in improving ISPC. However, there was less support for the notion that all organizational governance factors significantly improve the social bonding of Malaysian O&G organizations employees. This paper contributes to the current information system (IS) literature by exploring the interrelationships among organizational governance, social bonding, and information security policy compliance (ISPC) in Malaysian O&G organizations.

Topics & Concepts

Corporate governanceBusinessInformation securityCompliance (psychology)Social securityInformation security managementStructural equation modelingInformation governanceKnowledge managementPublic relationsAccountingInformation systemEconomicsPolitical scienceManagement information systemsPsychologyFinanceComputer securityCloud computing securityCloud computingSocial psychologyComputer scienceSecurity information and event managementLawMachine learningMarket economyInformation and Cyber SecurityCybercrime and Law Enforcement StudiesSupply Chain Resilience and Risk Management