A multi-theory model to evaluate new factors influencing information security compliance

Many organisations recognise that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information security. This research identifies the antecedents of employee compliance with the information security policy (ISP) of an organisation. A survey among computer users of organisations in Mauritius which have established information security policy was carried out. A novel multi-theory model is derived from theory of reasoned action, cognitive evaluation theory and hanoo, and that model is presented to evaluate the data gathered through the survey. The results show that an employee's intention to comply is influenced by attitude, security awareness programs and rewards. Intention to comply in turn influences actual compliance to ISP. Copyright © 2023 Inderscience Enterprises Ltd.