Information systems security (ISS) is a critical issue that organizations face world wide. Information systems security involves both technology and people (human factors). The focus in most researches on information systems’, security as a technical issue has dominated ISS researches and practices.
Lately, a new paradigm is emerging, addressing it as a “people issue” and an “organizational issue”. In that paradigm, people are the weakest element in the information systems security.
The present research takes a different perspective on ISS by focusing on “behavioral information security” and with considering the general lack of empirical research and the importance of information security to modern organizations, it presents a managerial framework for explore the role of human factors in ISS. Specifically the purpose of this research was to identify and model the critical managerial constructs that mostly influence the effectiveness of ISS.
The methodology of this study combines both qualitative and quantitative research techniques. Through a qualitative technique and investigating the research literature, identified key constructs in information systems security were identified. Then developed mod was based on the effects of these constructs on the information systems’ security effectiveness. Then based on the research literature and scholars ideas, a questionnaire was developed and distributed in some organizations. The data obtained were analyzed with SPSS and LISREL software. The results of empirical analysis supported and
validated the model.