The Influence of Information Security Culture towards Employee’s Intention to Comply with Information Security Policy: The Mediation Effect of Attitude, Normative Belief and SelfEfficacy.

Abstract

Prevalent research highlights that a positive Information Security Culture (ISC) could
improve security behaviour, in particular, the employee’s intention to comply with
Information Security Policy (INT) in an organization. Although there are substantial
empirical studies that suggestINT is influenced by Attitude (ATT), Normative Belief (NB)
and Self-Efficacy(SE), there is little evidence whether these three mainconstructs of the
Theory of Planned Behaviour(TPB)are also present inthe relationship between ISC and INT.
This paper examines the mediating effects of ATT, NB and SE in the relationship between
ISC and INT. A cross-sectional survey was conducted involving the respondents from
Malaysian Public Universities.Partial Least Square-Structural Equation Modeling (PLSSEM) was employed to validate the research model and test the hypotheses. Findings
revealed that ATT, NB and SE play significant roles as mediators in the relationship between
ISC and INT.The findings further suggestthat ATT, NB and SE are important in ensuring the
effective establishment of ISC in improving employee’s security behaviour.