Sayed Amir Reza Mortazavi,Faramarz Safi-Esfahani

DOI: https://doi.org/10.1007/s41870-019-00302-0

2019-04-22

International Journal of Information Technology

Abstract:Today, information is rapidly increasing. For most of this information, data security and protection from unauthorized access are of great importance. Maybe information is created by an individual or a few people, but creating security for the information should be done by all assets of hardware, software and people. This entails organizing all elements of the system, and training and monitoring the performance of the people. One of the standards provided for the creation of security is ISMS. This standard is intended to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a system in terms of security. ISMS receives several parameters from users, assesses the risks and offers some controls (guidelines) to improve them. Collecting primary parameters is also very important in ISMS. Usually these parameters are collected personally, which result in getting inaccurate outcomes. The most important parameters include confidentiality, integrity, availability, threat and vulnerability. This paper tries to provide a method based on checklists so that by assessing the users’ responses to these checklists, one can more accurately insert the vulnerability parameter value as a standard input of ISMS, in order to gain better outcomes, and more accurately perform choice of controls. In the assessment, the standard deviation method is calculated, and comparison between the common mode of ISMS and the proposed method shows that the latter works 30% better than the conventional method. People may refuse to respond sincerely due to different reasons, and the percentage of the results may differ, since the results are obtained as cross-sectional at a certain time.

Hamid Rezazadeh,Alireza Aliahmadi,Mahdi Abdolhamid,Seyyede Ashraf Mousavi Loghman

DOI: https://doi.org/10.61838/kman.jtesm.3.1.18

2024-01-01

Abstract:The Social Security Organization, as one of the largest institutions providing social and insurance services in Iran, plays a significant role in ensuring the social and economic security of various segments of society. The objective of this research is to present a model of an efficient administrative system based on justice-oriented and jihadi management principles. This research follows an interpretive philosophy, an inductive approach, a qualitative method, and a grounded theory strategy with an emergent approach. The study population consists of the Social Security Organization, where the qualitative sample includes individuals with at least 10 years of work experience who possess theoretical and practical knowledge related to the research topic and understand the efficient processes of the administrative system within the Social Security Organization. Out of these individuals, 21 were selected as the sample through purposive sampling. To assess the validity of the research, the four criteria of Lincoln and Guba (1987) were used. The findings revealed that 548 initial codes were extracted, categorized into 104 categories and 31 components. For theoretical coding, Glaser's "6 Cs" family was utilized. In this context, the causal components include environmental and structural conditions, participatory management, interaction with insurance parties, jihadi management, training and empowerment, initiative, human resource management, process simplification, and behavioral factors. The correlational factors include supportive policies, organizational innovation, and service compensation. The contingencies involve Islamic and human values, jihadi culture, and time management. The mediating conditions consist of justice-oriented principles, utilization of modern technologies, a supportive political and economic environment, and social capital. The outcomes encompass improved productivity, enhanced justice, increased motivation and commitment, economic and social improvement, better performance, employee satisfaction and motivation, and increased customer and societal satisfaction. Finally, the environmental context includes government support for workers' rights, low government support for employers, public unawareness of laws, the existence of general laws, and unfavorable general-economic conditions.

Reza Jafari Afshar,Abbas Heidari,Mina Jamshidi Avanaki

DOI: https://doi.org/10.61838/kman.ijimob.4.2.18

2024-01-01

Abstract:Objective: Nowadays, social responsibility is considered essential for organizations, as it significantly influences various organizational outputs. Many organizations are continually striving to improve their image through the development of their social responsibilities. This study presents a model for measuring social responsibility in Tejarat Bank. Methodology: The research was conducted using a mixed-method approach (qualitative and quantitative). The qualitative sample consisted of 10 experts, and the quantitative sample included 413 managers and specialists from Tejarat Bank, with 203 individuals selected as the statistical sample using a sample size formula. In the qualitative part, an initial model including 3 dimensions, 9 components, and 45 indicators was extracted through interviews with bank experts. Subsequently, the extracted model was tested using structural equation modeling in the LISREL software environment. Findings: Results showed three main dimensions: customer-centricity (including components of responsiveness and service quality), legal and ethical (including stakeholders, employees, community rights, and organizational activities), and environmental focus (including environmental factors, online marketing, and internet service provision). Conclusion: To improve service quality, it is suggested that managers examine the customer experience in all service delivery processes and assess customers' mental satisfaction. It is also recommended that service delivery channels to customers be standardized, meaning that services received through various means (such as mobile banking, internet banking, etc.) should be uniform, and if a customer begins a service process through one channel, they should be able to continue it through another.

Badran Badrani,Dr. Safieh Siadat,,

DOI: https://doi.org/10.52132/ajrsp.e.2021.31.5

2021-11-05

Academic Journal of Research and Scientific Publishing

Abstract:The purpose of this study is to identify the degree of compatibility between computer-based accounting information systems, requirements, and barriers to e-commerce in Iranian service companies according to a joint project of the United States and Canada. The present study is applied in terms of purpose and descriptive-analytical in terms of method. The statistical population is service companies listed on the Iranian Stock Exchange (fifty-five companies). The statistical sample included 48 employees of accounting departments. So, the questionnaire was distributed among 48 employees in the accounting departments. All participants in the sample answered the questionnaire. We used the resources, references, books, papers, and scientific journals available in libraries (extracting studies related to the research topic) and the Internet (discovering new topics in the field of research) to collect data and information. Also, the main tool for collecting primary data was a questionnaire whose questions were prepared and designed based on a five-point Likert scale and a joint project between the United States and Canada (Al-Qishi, 2003 and Mahern, 2009). Before distributing the questionnaire, some experienced professors and experts in the field of accounting sciences evaluated the apparent validity of the questions. The reliability of the questionnaire was also assessed through Cronbach's test. To analyze the data, SPSS software and arithmetic mean test and standard deviations were used to determine the degree of compatibility between the studied variables. The results showed that there is sufficient compatibility between computer-based accounting information systems and e-commerce requirements in Iranian service companies according to a joint US-Canadian project.

Masoud Hayeri Khyavi

DOI: https://doi.org/10.1504/IJFEM.2023.10052987

2023-01-25

Abstract:Organizations concerned about digital or computer forensics capability which establishes procedures and records to support a prosecution for computer crimes could benefit from implementing an ISO 27001: 2013-compliant (ISMS Information Security Management System). A certified ISMS adds credibility to information gathered in a digital forensics investigation; certification shows that the organization has an outsider which verifies that the correct procedures are in place and being followed. A certified ISMS is a valuable tool either when prosecuting an intruder or when a customer or other stakeholder seeks damages against the organization. SOC (Security Operation Center) as an organization or a security unit which handles a large volume of information requires a management complement, where ISMS would be a good choice. This idea will help finding solutions for problems related to digital forensics for non-cloud and cloud digital forensics, including Problems associated with the absence of standardization amongst different CSPs (Cloud service providers).

Cryptography and Security,Networking and Internet Architecture,Systems and Control

Ahmed Alkalbani,Hepu Deng,Booi Kam

DOI: https://doi.org/10.48550/arXiv.1606.00875

2016-05-28

Computers and Society

Abstract:The increase reliance on information systems has created unprecedented challenges for organizations to protect their critical information from different security threats that have direct consequences on the corporate liability, loss of credibility, and monetary damage. As a result, the security of information has become a top priority in many organizations. This study investigates the role of socio-organizational factors by drawing the insights from the organizational theory literature in the adoption of information security compliance in organizations. Based on the analysis of the survey data collected from 294 employees from different organizations, the study indicates management commitment, awareness and training, accountability, technology capability, technology compatibility, processes integration, and audit and monitoring have a significant positive impact on the adoption of information security compliance in organizations. The study contributes to the information security compliance research by exploring the criticality of socio-organizational factors at the organizational level for information security compliance.

Koli J. Mohan,Saini A. K

DOI: https://doi.org/10.46647/ijetms.2023.v07i05.012

2023-01-01

International Journal of Engineering Technology and Management Sciences

Abstract:Purpose of the study: This study aims to investigate and analyze the Information Security governance practices within banks. Design/methodology/approach: This is a Survey-based study. Employees of State Bank of India in Delhi region were the participants of the study. Findings: The findings of the study will contribute to the existing body of knowledge on information security governance in the banking sector. Research limitations: Small sample size and lack of funds for performing comprehensive quantitative study are the limitations of the study. Practical implications: Regulatory compliance, incident response, and data recovery are all a part of this process, as well as risk assessment and management, policy and procedure creation, security awareness and training, security controls and technology, and more. Public sector organizations may improve their security posture and better secure their information assets by adopting a systematic approach to information security governance. Social implications: Data protection, service protection, privacy, fighting cybercrime, public trust, and economic impact are only few of the societal effects of researching information security governance in public sector organizations. Organizations in the public sector can reduce the risk of financial and reputational damage as well as secure sensitive information by employing best practices in information security. Originality/value: The research outcomes will help identify areas of improvement, highlight effective practices, and provide recommendations for enhancing information security governance within banks. Ultimately, this study contributes to the development of robust Information Security governance frameworks that can protect sensitive data, mitigate risks, ensure regulatory compliance, and maintain the trust and confidence of customers and stakeholders in the banking industry.

Akhyari Nasir,Ruzaini Abdullah Arshah,Mohd Rashid Ab Hamid,Syahrul Fahmy,,,,

DOI: https://doi.org/10.30880/ijie.2022.14.03.017

2022-06-20

International Journal of Integrated Engineering

Abstract:This paper examines the factors determining a positive Information Security Culture (ISC) concept and the influence of ISC towards ISP compliance intention (INT) between IT and non-IT professionals in Malaysian public universities. Partial least square structural equation modelling, using PLS MGA, is used to assess the measurement and structural models, and to compare the results between the two groups. Results indicate all factors have significant contribution towards ISC in both groups, with two out of seven ISC factors have significant differences. This study has revealed that although both groups have the same ISC factors, IT and non-IT professionals have significant difference in terms of believe that Top Management Commitment and Information Security Knowledge are required for implementing apositive ISC. In addition, there is a significant difference between these two groups in terms of the influence of ISC towards ISP compliance intention. ISC has less influence towards INT for Non-IT professionals compared to IT professionals within the same ISC. These empirical findings would benefit in formulating better security strategies by providing appropriate efforts for different groups of employees in the organizations. This study also provides a total cyber security solution for improving information security culture and employees’ compliance towards Information Security Policy.

Amir Ghorbaniyan,Mohammadreza Abdoli,Hasan Valiyan,Hasan Boudlaie

DOI: https://doi.org/10.1108/jfm-06-2022-0066

2023-04-10

Journal of Facilities Management

Abstract:Purpose In recent years, Corporate Citizenship has continued to grow in importance and significance. It has been the subject of considerable debate and commentary among researchers, corporate leaders and public institutions like NGOs and even capital market companies. The development of this concept in internal audit functions can improve the level of responsibility of companies. The purpose of this study is to design an internal audit model of a corporate citizen in Iranian capital market companies. Design/methodology/approach This research is methodologically in the category of developmental and combined research. In this study, two meta-synthesis and Delphi analyzes in the qualitative part and systematic representation analysis were used to determine the systematic relationships of the Internal Audit Corporate Citizen Components to strengthen environmental sustainability. Because of the mix of the data collection method in both qualitative and quantitative parts, the research participants in the qualitative part were 13 university experts in the field of accounting and 19 internal auditors of Iranian capital market companies who had specialized experience participated in the quantitative part. Findings The results in the qualitative section indicate the existence of 14 confirmed studies and the determination of 8 main components of the internal audit of the corporate citizen, during two stages of Delphi analysis, the level of reliability of the components was confirmed with the concept of internal audit of the corporate citizen. Based on the results of system representation model in quantitative part, it was determined that Environmental training to human resources is the primary stimulus for the system's internal audit system representation to monitor the financial performance of the company to achieve environmental sustainability. Originality/value To the best of the authors' knowledge, this is the first study to exemplify environmental sustainability by focusing on the concept of corporate citizen internal auditing. An area that, although of research importance in terms of developing theoretical literature and practical basis in reducing the financial reporting gap with an independent auditor, However, less research has been done on this issue and conducting this research and expanding it to the level of internal auditing profession can enhance the institutional and educational capacities on it at the international level and help to integrate the development of theoretical literature.

Fotis Kitsios,Elpiniki Chatzidimitriou,Maria Kamariotou

DOI: https://doi.org/10.3390/su14031269

IF: 3.9

2022-01-24

Sustainability

Abstract:Organizations must be committed to ensuring the confidentiality, availability, and integrity of the information in their possession to manage legal and regulatory obligations and to maintain trusted business relationships. Information security management systems (ISMSs) support companies to better deal with information security risks and cyber-attacks. Although there are many different approaches to successfully implementing an ISMS in a company, the most important and time-consuming part of establishing an ISMS is a risk assessment. The purpose of this paper was to develop a risk assessment framework that a company followed in the information technology sector to conduct the risk assessment process to comply with International Organization for Standardization (ISO) 27001. The findings analyze the conditions that force organizations to invest in protecting information and the benefits they can derive from this process. In particular, the paper delves into a multinational IT consulting services company that undertakes and implements large business support installation and customization projects. It explains the risk assessment process and the management of the necessary configurations so that its functions are acceptable and in line with information security standards. Finally, it presents the difficulties and challenges encountered.

environmental sciences,environmental studies,green & sustainable science & technology

Rúsbel Domínguez Domínguez,Omar A. Flores Laguna,José A. Sánchez-Valdez

DOI: https://doi.org/10.48550/arXiv.2306.07367

2023-06-12

Cryptography and Security

Abstract:This research shows the analysis of multiple factors that inhibit the implementation of an Information Security Management System (ISMS). The research data were collected from 143 respondents from two universities in northeastern Mexico, in faculties of engineering in related areas. In this study, the Information Security Management System Measurement Instrument (IM-ISMS) was validated. A scale of 24 items was obtained, divided into four factors: organizational policies and regulations, privacy, integrity and authenticity. The results of this study agree with the results found by [10] in which they pre-sent a model that complies with ISO/IEC 27002:2013 controls and security and privacy criteria to improve the ISMS. [48], Mentioned that the implementation of controls based on ISO standards can meet the requirements for cybersecurity best practices.A scale of 24 items was obtained, divided into four factors: organizational policies and regulations, privacy, integrity and authenticity. This version of the instrument meets the criteria established for its validity (KMO, Bartlett's test of sphericity). An extraction was performed by the minimum residuals method, an oblique rotation was performed by the promax method, when performing the rotation 17 of the 24 items were grouped in the corresponding factor. The final reliability of the scale was calculated by the Omega coefficient, in all the dimensions the coefficients were greater than .70, therefore the re-liability of the instrument is good.

Ali Rahmani,Parisa Saadat Behbahaninia,Mona Parsaei,Mahnaz Mahmoudkhani

DOI: https://doi.org/10.1177/00208523231195707

IF: 2.397

2023-12-15

International Review of Administrative Sciences

Abstract:International Review of Administrative Sciences, Ahead of Print. Maturity models (MMs) are used as a reference framework in various fields. In the public sector (PS), the principles of good governance have necessitated an evolution in financial reporting. This study aimed to design a model of accounting and financial maturity for PS reporting units. This study has a mixed-methods design. The initial MM was designed using a systematic review and expert panel discussions. Then, five focus group interviews were held over seven sessions. Next, a questionnaire was distributed among Iranian PS experts to validate the components of the MM. Thirty-two people filled out the questionnaire. A binomial test was used to validate the dimensions of the model. The outcome of this study was the design of a MM for accounting and financial reporting in PS units. The model was designed in five levels and includes eight dimensions, namely leadership, budgeting and financial planning, financial leadership and supervision, efficiency and effectiveness, rules and regulations, financial reporting, human capital and information technology. This model can be used as a basis for assessing the performance of PS units and to implement good governance in organizations. This model is applicable to all developing countries that utilize the revised International PS Accounting Standards and seek to establish a new PS management approach and performance-based budgeting.

public administration

NasiriPour Amir Ashkan,Naelbafroui Ebrahim,Komeili Ali,Riahi Leila,Hajinabi Kamran

DOI: https://doi.org/10.31661/gmj.v11li.2012

2022-08-25

Abstract:Background: Fair Distribution of Medical Facilities is one of the most critical issues affecting economic and health indicators. Iranian Social Security Organization (ISSO) is a non-governmental organization responsible for providing medical services to insured individuals in 77 hospitals, 265 polyclinics, and clinics that has faced much demand from the insured to build a new medical center. So, Due to the significant role of ISSO in meeting the medical needs and its high coverage (almost 42%) in Iran, we aimed to identify the factors influencing medical facilities' fair distribution in the ISSO. Materials and Methods: This applied study was conducted as a descriptive study in the ISSO in 2018. Variables affecting medical facilities distribution were elicited from the literature review and through an interview with 16 experts who were occupied in the healthcare management field. Then, a Likert scale-based questionnaire with 56 items in 7 sections was developed. Questionnaires were distributed among 456 person received questionnaires, and 415 responded to all questions. All participants were experts in the healthcare section of the ISSO all over the country. Data were analyzed via exploratory and confirmatory factor analysis and structural equations using SPSS 23 and AMOS-24 software. Results: By exploratory and confirmatory factor analysis, seven main factors (demographic factors, geographical factors, functional factors, structural factors, humanistic factors, economic factors, and Contract parties factors) were identified as critical factors affecting medical facilities distribution. Each aspect included many components. AMOS software showed the significance of variables by P-value and critical ratio (CR) indices to analyze the conceptual model of the research. Function factors with standard coefficients of 0.85 had the most, and economic factors with a standard coefficient of 0.53 had a minor effect on the distribution of medical facilities in the ISSO. Conclusion: To have a more efficient medical facilities distribution in the ISSO must consider all identified factors, special attention should be given to the maximum use of available medical facilities. Furthermore, more attention should be paid to distributing human resources, finance, and medical equipment.

K. F. Hafashjani,N. Azad,Neda Abasi

DOI: https://doi.org/10.5267/J.USCM.2014.12.002

Abstract:Article history: Received July 18, 2014 Accepted December 1 2014 Available online December 11 2014 This paper presents an empirical investigation to identify and rank the factors of information market development systems influencing on the market share development. The population of this survey includes all managers who work for SMEs in city of Tehran, Iran. The study selects a sample of 230 people randomly and a questionnaire is distributed among them in Likert scale. Cronbach alpha has been calculated as 0.814, which is well above the minimum desirable level. Using structural equation modeling the study has determined seven factors including valid data, information, strategic information, organizational information, supportive information, customer information, development information and data analysis, which influence market share development. Growing Science Ltd. All rights reserved. 5 © 201

Computer Science,Business

Heru Susanto,Mohammad Nabil Almunawar,Yong Chee Tuan

DOI: https://doi.org/10.48550/arXiv.1203.6622

2012-03-29

Abstract:Security is a hot issue to be discussed, ranging from business activities, correspondence, banking and financial activities; it requires prudence and high precision. Since information security has a very important role in supporting activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework to the development of information security management system (ISMS) assessment and monitoring software, called by I-SolFramework. System / software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness, the software could help stakeholders understood security control or called by compliance parameters, being shorter, more structured, high precision and measured forecasting.

Cryptography and Security,Software Engineering

Mahmoud Dehghan Nayeri,Moein Khazaei,Fatemeh Alinasab-Imani

DOI: https://doi.org/10.1007/s11213-020-09524-x

2020-03-24

Systemic Practice and Action Research

Abstract:Considering the unfortunate intensification of the Non-performing loans in Iran`s credits system makes it vital to study the current system shortcomings. Although many researchers have dealt with it theoretically, employing a critical approach through the different stakeholders' views will be enlightening. Therefore, with the purpose of a keen revision through a critical approach, the present study scrutinizes the banking credit system according to Critical System Heuristics (CSH) in four issues of motivation, power, and knowledge and legitimation base. The process of perception and reflection of the beneficiaries (hidden) opinions happens using 12-boundary questions, in two forms of "what is" and "what ought to be". Findings make propositions based on the perception and understanding of the beneficiaries' boundary judgments (primary judgments about the system) to redesign the credits and facilities system and make key changes in search of common understanding and more efficiency in practice. Ultimately, the Importance-Gap analysis is proposed to prioritize the developed decision options in order to achieve effective and step by step roadmap.

management

Mansour Naser Alraja,Usman Javed Butt,Maysam Abbod

DOI: https://doi.org/10.1016/j.cose.2023.103208

IF: 5.105

2023-06-01

Computers & Security

Abstract:Information security threats have a severe negative impact on enterprises. Organizations rely on employee compliance with information security policies to eliminate or reduce these hazards. The Unified Model of Information Security Policies Compliance (UMISPC) is employed to identify the factors that may affect employees' intention towards compliance with information systems security policy and reactance in a global setting. The study was assessed in two phases. The model's validity and measurement reliability were evaluated in the first phase, while in the second phase, all preliminary model relationships were appraised. This was achieved utilizing structural equation modelling to establish whether the proposed constructs, i.e. neutralization, response efficacy, fear, threat, habit and role values were good predictors for intention or reactance towards compliance with information systems security policy. Participants included 348 employees from 7 nations, i.e. the USA, the UK, Oman, India, Pakistan, Malaysia, and the Philippines. SmartPLS v. 3.3.9 was used for data analysis. The models' measurement reliability and validity were affirmed. Fear and role values have a significant influence on intention toward ISPC. RE significantly predicted threat which in turn significantly predicted fear, and the latter demonstrated a significant effect on reactance as well as Neutralization predicted reactance. In contrast, habit failed to reach a significant influence on intention towards ISPC. The implications are presented, together with proposals for further studies. Our findings are helpful for ISS literature and application by supporting the crucial functions of role values in encouraging employees to behave in a compliant manner. Additionally, it is regarded as the first empirical attempt to estimate intended compliance concerning ISPs in higher education from a worldwide viewpoint.

computer science, information systems

Mahdi Bandarian,Hossein Moinzad,Ahmadreza Kasrai

DOI: https://doi.org/10.61838/kman.jtesm.2.4.14

2023-01-01

Abstract:The aim of this study was to design a model for improving bank investment portfolios with an emphasis on risk management processes based on digital banking indicators. This research is applied in nature and follows a qualitative method with a grounded theory approach. Methodological triangulation was employed in this study by using various data collection methods such as literature review, examination of specialized resources and texts, and semi-structured interviews. Based on purposive sampling, 18 managers and experts from Refah Bank were interviewed in 2023. The interviews were coded using ATLAS.TI software. To validate the obtained results, the data were evaluated and analyzed for validity through triangulation. The research findings were categorized into five themes: causal conditions, contextual conditions, intervening conditions, strategies, and outcomes, which were further divided into four categories: individual, group, organizational, and societal. A model was identified comprising six themes and 19 axial codes based on 85 open codes. In designing the model for improving the bank's investment portfolio with an emphasis on risk management processes, the use of digital banking indicators is of great importance. These indicators measure the key concepts related to the bank's performance in various domains and serve as effective tools in improving performance and reducing financial risk. By periodically analyzing the obtained data and continuously reviewing the digital banking indicators, the model should have the ability to predict market changes and adapt to customer needs. This ongoing process aids in the continuous optimization of the portfolio and alignment with various business environment variables, thereby contributing to the preservation and improvement of the bank's investment performance.

Kanika Duggal,Seunghwan Myeong

DOI: https://doi.org/10.3390/su16209058

IF: 3.9

2024-10-20

Sustainability

Abstract:The extensive focus on information technology (IT) within organizations, along with the substantial significance of information security issues, has made information security a top priority for executives. The International Organization for Standardization 27001 (ISO-27001) policy outlines the requirements for an effective Information Security Management System (ISMS). Implementing an ISMS not only enhances the overall profitability of a firm, but it also has a significant impact in various scenarios. In this study, we examined how ISMS implementation can assist corporations financially, with a specific focus on the moderating effect of Indian national culture. We analyzed financial performance following ISMS and ISO-27001 implementation using sample data from 420 Indian small and medium-sized enterprises (SMEs). By analyzing 256 survey questionnaires from 420 SMEs, we found that national culture amplifies the strong interaction between ISMS implementation and SME performance in India. We found that ISMS implementation increased the profitability of recognized Indian firms, supporting study hypotheses. The findings provide valuable insights for SMEs seeking to enhance financial performance through ISMS implementation, emphasizing the moderating role of national culture in shaping these outcomes.

environmental sciences,environmental studies,green & sustainable science & technology

Maurizio Cavallari

DOI: https://doi.org/10.36941/ajis-2023-0151

2023-11-05

Academic Journal of Interdisciplinary Studies

Abstract:In the advanced field of Information and Communication Technology (ICT) within modern corporate frameworks, the pressing issue of non-compliance becomes increasingly crucial. Achieving the ideal balance—where one fosters consistent employee commitment without resorting to overly harsh penalties for possible violations—presents a complex problem. Such a nuanced relationship calls for a synchronized coordination among the company’s underlying factors, the principles of the Information Security Plan (ISP), and overarching compliance mandates. As companies step into a period where digital environments are in constant flux, the importance of securing information systems rises to a critical level. Against this backdrop, compliance stands out as a vital component, functioning as a stringent safeguard in the ongoing mission to protect precious digital assets—a mission comprehensively detailed within the ISP. This in-depth academic study sets out to rigorously explore and scrutinize the diverse opinions and beliefs of committed employees and insightful management concerning unwavering company alignment with the ISP. This is accomplished by defining a construct that centers on key dimensions: Organizational Culture, Personal Attitudes, Actors, Behavioral Intentions, and Motivational Dynamics. Eleven Hypotheses are outlined and represent the materialisation of the model. This model form a starting point from which future empirical exploration will be able to take place, propelling us towards a deeper understanding of the phenomena under scrutiny. Received: 15 September 2023 / Accepted: 23 October 2023 / Published: 5 November 2023