INCORPORATING ISLAMIC PRINCIPLES IN INFORMATION SECURITY BEHAVIOUR: A CONCEPTUAL FRAMEWORK

Abstract

Information Security Behavior among employees has dramatically changed the organizational security threat landscape in recent years. This is due to the advancement of Information Technology especially mobile and social technologies which are seen to be blurring employees‘ professional and personal persona. Due to this, employees tend to perform information security behavior with and without intentions. However, current Information System Security literature indicates lack of distinction for the types of information security behavior among employees in organizations. This article proposes a conceptual model for categorizing and classifying the information security behavior to highlight the aspects of behavioral intention, compliance and severity. It is developed based on the integration of Islamic principles and contemporary studies in the relevant fields. Deep understanding of each classification in the conceptual model could provide research and industry with a clear definition and countermeasures for each identified behavior. This may lead to strategic and structured approaches to resolve and extricate the occurrence of the behavior.