Promoting Information Security Policy Compliance - An Empirical Study

Ensuring employees comply with the information security policy is an essential component of the security program in an organization. Grounded in action research and inspired by Unified Model of Information Security Compliance (UMISPC) (Moody et al. 2018), we introduce a customizable framework to promote information security policy compliance and lay out a plan to empirically test the proposed framework in a large public university in the southeast of US. The proposed framework can facilitate organizations to better understand their employees' non-compliance behaviors and create effective remediation actions. This research also validates the UMISPC in a university setting, which will contribute to the generalizability and refinement of the UMISPC model after the study is successfully carried out. The limitations and future directions of this project are also discussed.