Los puntos clave no están disponibles para este artículo en este momento.
Purpose The purpose of this study is to apply the Technological-Organisational-Individual (TOI) framework in this organisation to determine to what extent current security management practices are informed by findings of relevant literature and standards on information security incorporated in the framework. Design/methodology/approach A literature review with factors influencing security behaviour is presented and the TOI framework is explained. The TOI framework aspects are mapped against current practices applied by one large public sector organisation. After presenting an analysis of current security management practices, recommendations are provided to security managers on how to implement their practices to enhance information security policy (ISP) compliance of employees in the traditional workplace and of teleworkers. Findings Conclusions suggest that some factors that play a critical role in information security management are not adequately covered in this Organisation. This study also aims to provide recommendations to security managers on how to address these factors to implement security management practices that can improve ISP compliance and inform literature on any additional practices. It also shows that it took an adaptive approach to changing conditions, such as teleworking. They can use the TOI framework as a roadmap, to design and implement security management practices that will motivate employees to form a security behaviour in the workplace and when teleworking. Originality/value The authors present the TOI framework and assess its applicability in a real-life organisation. Rather than focusing on theoretical concepts, which may be less accessible to security managers, practical recommendations are provided on how to implement security management practices both in traditional workplaces and in teleworking environments.
Topa et al. (Tue,) studied this question.