A Framework of Factors Influencing Employees’ Compliance Behavior with Information Security Policies in the Banking Sector

Document Type: Original research

Authors

1 Ph.D. Candidate in Information Technology Management, Faculty of Management and Accounting, Allameh Tabataba’i University

2 Professor, Department of Information Technology Management, Faculty of Management and Accounting, Allameh Tabataba’i University

3 Professor, Department of Public Administration, Faculty of Management and Accounting, Allameh Tabataba’i University

4 Professor, Department of Information Technology Management, College of Management, University of Tehran

Abstract

Considering the critical role of the human factor as a vulnerable link in the information security chain, this study aims to identify, classify, and integrate the factors influencing employee compliance with Information Security Policies (ISPs) in the banking sector. The research culminates in the development of a comprehensive conceptual framework for this domain. The study employs a qualitative meta-synthesis methodology. Through a systematic search of academic databases, 67 pertinent articles directly addressing the research topic were selected and subjected to in-depth thematic analysis. The primary theoretical framework for classifying and integrating the extracted factors was the Capability, Opportunity, Motivation-Behavior (COM-B) model, which was synthesized with key concepts from Protection Motivation Theory (PMT), the Theory of Planned Behavior (TPB), Neutralization Theory, and General Deterrence Theory (GDT). The findings reveal that compliant behavior is the product of the interplay of three primary dimensions. The motivation dimension, comprising 13 factors, emerged as the most pivotal dimension, with attitudes and beliefs and cost–benefit evaluations occurring 39 and 24 times, respectively. Within the opportunity dimension, encompassing 11 factors, training and awareness and social norms—with 28 and 21 occurrences respectively—were identified as the most influential environmental factors. In the capability dimension, which consists of 12 factors, self-efficacy, with 18 occurrences, proved more significant than any other factor in that category. This research proposes an integrated, multidimensional framework demonstrating that employee compliance with ISPs in the banking system is not merely a technical requirement but a cognitive and social choice.
The framework holds significant practical implications for banking managers, highlighting the necessity of shifting focus from tool-centric strategies to human-centric approaches that emphasize attitude modification, self-efficacy enhancement, and the cultivation of a positive security culture. Furthermore, by providing a comprehensive theoretical foundation, the framework enables future empirical research to examine the relationships among these factors.

Articles in Press, Accepted Manuscript
Available Online from 13 August 2025
  • Receive Date: 18 July 2025
  • Revise Date: 06 August 2025
  • Accept Date: 13 August 2025