The Effects of Cultural Contradictions on Information Security Compliance Behaviour

Purpose: Organisational culture and an information security subculture can have a significant influence on employee compliance with information security policies. Cultivating an information security culture however is a challenge for organisations, as differences in cultural values can lead to cultu...

Bibliographic Details
Main Author: Solomon, Grant Arthur
Other Authors: Brown, Irwin
Format: Thesis
Language: Eng
Published: Department of Information Systems 2024
Subjects:
_version_ 1867613188944560128
access_status_str Open Access
author Solomon, Grant Arthur
author2 Brown, Irwin
author_browse Brown, Irwin
Solomon, Grant Arthur
author_facet Brown, Irwin
Solomon, Grant Arthur
author_sort Solomon, Grant Arthur
collection Thesis
description Purpose: Organisational culture and an information security subculture can have a significant influence on employee compliance with information security policies. Cultivating an information security culture, however, is a challenge for organisations, as differences in cultural values can lead to cultural contradictions. Cultural contradictions can in turn lead to conflict, which has an undesirable influence on employee compliance behaviour. The purpose of this research is to explain the nature of the relationship between emergent cultural contradictions in organisations and the information security compliance behaviour of employees. Methodology: Structuration Theory was used as a theoretical lens to explain how cultural contradictions are implicated in employee compliance behaviour. The research methodology was qualitative in nature, comprising a case study with interviews as the data collection instrument. The qualitative data was analysed using thematic analysis to report on cultural orientations, emerging cultural contradictions, and a structurational analysis of how cultural contradictions influence employee compliance with information security policies. Findings: Cultural contradictions between the espoused values of employees and the security values underpinning technology, priorities, processes, and vision are shown to have an adverse effect on employee compliance with information security policies. Structurational analysis also revealed that an ineffective security training programme can lead to an unintended consequence of non-compliance with information security policies. Furthermore, misaligned information security goals can result in employees circumventing information security policies if they are deemed to conflict with their professional goals, which are further exacerbated by weakly enforced sanctions. Findings also show that power relations enacted within a multinational organisation can have an undesirable effect on the information security policy compliance behaviour of implementors and employees alike. Value: The implications of cultural contradictions on employee compliance behaviour have received little attention in research. The few studies that have addressed the phenomenon have predominantly relied on value-based organisational theories. This study seeks to address this limitation by proposing a theoretical framework grounded in social theory, to explain how cultural contradictions are implicated in information security compliance behaviour.
format Thesis
id oai:open.uct.ac.za:11427/40357
institution University of Cape Town (South Africa)
language Eng
last_indexed 2026-06-10T12:32:11.035Z
license_str Not specified — see source repository
provenance_str_mv Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository
publishDate 2024
publishDateRange 2024
publishDateSort 2024
publisher Department of Information Systems
publisherStr Department of Information Systems
record_format dspace
source_str UCTD — University of Cape Town Open Access Repository
spelling oai:open.uct.ac.za:11427/40357 The Effects of Cultural Contradictions on Information Security Compliance Behaviour Solomon, Grant Arthur Brown, Irwin Information Systems 2024-07-04T14:12:15Z 2024-07-04T14:12:15Z 2023 2024-06-04T13:39:02Z Thesis / Dissertation Masters MCom http://hdl.handle.net/11427/40357 Eng application/pdf Department of Information Systems Faculty of Commerce
spellingShingle Information Systems
Solomon, Grant Arthur
The Effects of Cultural Contradictions on Information Security Compliance Behaviour
thesis_degree_str Master's
title The Effects of Cultural Contradictions on Information Security Compliance Behaviour
title_full The Effects of Cultural Contradictions on Information Security Compliance Behaviour
title_fullStr The Effects of Cultural Contradictions on Information Security Compliance Behaviour
title_full_unstemmed The Effects of Cultural Contradictions on Information Security Compliance Behaviour
title_short The Effects of Cultural Contradictions on Information Security Compliance Behaviour
title_sort effects of cultural contradictions on information security compliance behaviour
topic Information Systems
url http://hdl.handle.net/11427/40357
work_keys_str_mv AT solomongrantarthur theeffectsofculturalcontradictionsoninformationsecuritycompliancebehaviour
AT solomongrantarthur effectsofculturalcontradictionsoninformationsecuritycompliancebehaviour