Empirical Study on the Influence of Security Control Management and Social Factors in Deterring Information Security Misbehaviour

Abstract

Complying with the security rules and standard is important to safeguard valuable information in the organisation. Failure to prevent security breaches costs the organisation huge losses and bad reputation. Technical solutions are abundant but nonetheless still unsuccessful to deter information security incidents. The root cause of incompliance is humans as they are the weakest link of security chain. This paper examines the information security control management particularly on information security awareness, training and education, risk analysis and management, information security policies and procedures as well as physical security monitoring, and cognitive factors which give impact towards the employees’ information security compliant behaviour in the organization. Based on convenient sampling, a survey was conducted to employees of public and private sectors in Malaysia who are the Software as a Service (SaaS) cloud users. Data was collected online and was analysed using PLS-SEM. Result shows that information security control management and cognitive factors have high significant impact in deterring information security misbehaviour in the context of cloud users.