The Effect of Rational Based Beliefs and Awareness on Employee Compliance with Information Security Procedures: Case Study of a Financial Firm [Abstract]

Aim/Purpose: This paper examines the behavior of financial firm employees with regard to information security procedures instituted within their organization. Furthermore, the effect of information security awareness and its importance within a firm is examined. Background: The study focuses on employees' attitude toward compliance with information security policies (ISP), combined with various norms and personal abilities. Methodology: A self-reported questionnaire was distributed among 202 employees of a large financial institution. Contribution: As far as we know, this is the first paper to thoroughly examine employees' awareness of information system procedures, among financial organizations in Israel and also the first to develop operative recommendations for these organizations aimed at increasing ISP compliance behavior. Findings: Our results indicate that employees' attitudes, normative beliefs and personal capabilities to comply with firm's ISP, have positive effects on the firm's ISP compliance. Also, employees' general awareness of IS, as well as awareness to ISP within the firm, positively affect employees' ISP compliance. Impact on Society: This study offers another level of understanding of employee behavior with regard to information security in organizations and comprises a significant contribution to the growing knowledge in this area. The research results form an important basis for IS policymakers, culture designers, managers, and those directly responsible for IS in the organization. Future Research: Future work should sample employees from other financial institutions and also institutions from other fields and also should apply qualitative analysis to explore other pillars of behavioral patterns related to the subject matter.