The Effects of Cultural Contradictions on Information Security Compliance Behaviour
| dc.contributor.advisor | Brown, Irwin | |
| dc.contributor.author | Solomon, Grant Arthur | |
| dc.date.accessioned | 2024-07-04T14:12:15Z | |
| dc.date.available | 2024-07-04T14:12:15Z | |
| dc.date.issued | 2023 | |
| dc.date.updated | 2024-06-04T13:39:02Z | |
| dc.description.abstract | Purpose: Organisational culture and an information security subculture can have a significant influence on employee compliance with information security policies. Cultivating an information security culture however is a challenge for organisations, as differences in cultural values can lead to cultural contradictions. Cultural contradictions can in turn lead to conflict, which has an undesirable influence on employee compliance behaviour. The purpose of this research is to explain the nature of the relationship between emergent cultural contradictions in organisations and the information security compliance behaviour of employees. Methodology: Structuration Theory was used as a theoretical lens to explain how cultural contradictions are implicated in employee compliance behaviour. The research methodology was qualitative in nature, comprising a case study with interviews as the data collection instrument. The qualitative data was analysed using thematic analysis to report on cultural orientations, emerging cultural contradictions, and a structurational analysis on how cultural contradictions influence employee compliance with information security policies. Findings: Cultural contradictions between the espoused values of employees and the security values underpinning technology, priorities, processes, and vision are shown to have an adverse effect on employee compliance with information security policies. Structurational analysis also revealed that an ineffective security training programme can lead to an unintended consequence of non-compliance to information security policies. Furthermore, misaligned information security goals can result in employees circumventing information security policies, if they are deemed to conflict with their professional goals, which are further exacerbated by weakly enforced sanctions. Findings also show that power relations enacted within a multinational organisation can have an undesirable effect on the information security policy compliance behaviour of implementors and employees alike. Value: The implications of cultural contradictions on employee compliance behaviour have received little attention in research. The few studies that have addressed the phenomenon have predominantly relied on value-based organisational theories. This study seeks to address this limitation by proposing a theoretical framework grounded in social theory, to explain how cultural contradictions are implicated in information security compliance behaviour | |
| dc.identifier.apacitation | Solomon, G. A. (2023). <i>The Effects of Cultural Contradictions on Information Security Compliance Behaviour</i>. (). ,Faculty of Commerce ,Department of Information Systems. Retrieved from http://hdl.handle.net/11427/40357 | en_ZA |
| dc.identifier.chicagocitation | Solomon, Grant Arthur. <i>"The Effects of Cultural Contradictions on Information Security Compliance Behaviour."</i> ., ,Faculty of Commerce ,Department of Information Systems, 2023. http://hdl.handle.net/11427/40357 | en_ZA |
| dc.identifier.citation | Solomon, G.A. 2023. The Effects of Cultural Contradictions on Information Security Compliance Behaviour. . ,Faculty of Commerce ,Department of Information Systems. http://hdl.handle.net/11427/40357 | en_ZA |
| dc.identifier.ris | TY - Thesis / Dissertation AU - Solomon, Grant Arthur AB - Purpose: Organisational culture and an information security subculture can have a significant influence on employee compliance with information security policies. Cultivating an information security culture however is a challenge for organisations, as differences in cultural values can lead to cultural contradictions. Cultural contradictions can in turn lead to conflict, which has an undesirable influence on employee compliance behaviour. The purpose of this research is to explain the nature of the relationship between emergent cultural contradictions in organisations and the information security compliance behaviour of employees. Methodology: Structuration Theory was used as a theoretical lens to explain how cultural contradictions are implicated in employee compliance behaviour. The research methodology was qualitative in nature, comprising a case study with interviews as the data collection instrument. The qualitative data was analysed using thematic analysis to report on cultural orientations, emerging cultural contradictions, and a structurational analysis on how cultural contradictions influence employee compliance with information security policies. Findings: Cultural contradictions between the espoused values of employees and the security values underpinning technology, priorities, processes, and vision are shown to have an adverse effect on employee compliance with information security policies. Structurational analysis also revealed that an ineffective security training programme can lead to an unintended consequence of non-compliance to information security policies. Furthermore, misaligned information security goals can result in employees circumventing information security policies, if they are deemed to conflict with their professional goals, which are further exacerbated by weakly enforced sanctions. Findings also show that power relations enacted within a multinational organisation can have an undesirable effect on the information security policy compliance behaviour of implementors and employees alike. Value: The implications of cultural contradictions on employee compliance behaviour have received little attention in research. The few studies that have addressed the phenomenon have predominantly relied on value-based organisational theories. This study seeks to address this limitation by proposing a theoretical framework grounded in social theory, to explain how cultural contradictions are implicated in information security compliance behaviour DA - 2023 DB - OpenUCT DP - University of Cape Town KW - Information Systems LK - https://open.uct.ac.za PY - 2023 T1 - The Effects of Cultural Contradictions on Information Security Compliance Behaviour TI - The Effects of Cultural Contradictions on Information Security Compliance Behaviour UR - http://hdl.handle.net/11427/40357 ER - | en_ZA |
| dc.identifier.uri | http://hdl.handle.net/11427/40357 | |
| dc.identifier.vancouvercitation | Solomon GA. The Effects of Cultural Contradictions on Information Security Compliance Behaviour. []. ,Faculty of Commerce ,Department of Information Systems, 2023 [cited yyyy month dd]. Available from: http://hdl.handle.net/11427/40357 | en_ZA |
| dc.language.rfc3066 | Eng | |
| dc.publisher.department | Department of Information Systems | |
| dc.publisher.faculty | Faculty of Commerce | |
| dc.subject | Information Systems | |
| dc.title | The Effects of Cultural Contradictions on Information Security Compliance Behaviour | |
| dc.type | Thesis / Dissertation | |
| dc.type.qualificationlevel | Masters | |
| dc.type.qualificationlevel | MCom |