Cybersecurity Policies Implementation: A Theoretical Model Based on Process Thinking Perspective

DOI: 10.4018/979-8-3693-0839-4.ch007

Abstract

In today's digital age, the Internet is a platform upon which many social and business interactions take place. In the business sense, organisations use the Internet to facilitate tasks, store data, and gain access to information. However, since the Internet was originally conceived as an open and fault-tolerant network, businesses are vulnerable to cyberthreats. Cybersecurity is crucial in the current digital era to protect critical infrastructure and data. To reduce risks and protect assets, organisations must prioritise security despite its challenges. Security risks are always changing, and keeping abreast of compliance standards presents new organisational challenges. To address both these issues, organisations must develop thorough cybersecurity policies. This study creates a process-based model of how IT department personnel should implement cybersecurity policies.
Chapter Preview

1. Introduction

Today, we live in an information economy in which information has value and trade frequently involves the exchange of information rather than tangible products (Stair & Reynolds, 2015; Gull et al., 2022; Gull et al., 2023). Information systems (IS) were first introduced in the 1950s-1960s, known as the data processing era, to perform voluminous calculations, and were used in restricted areas (Petter et al., 2012). Then came the current customer-focused period (i.e., the 2000s and beyond), which reflects the increasing sophistication of IS, allowing individuals to obtain personalised experiences depending on their interests, preferences, or roles (Seidel et al., 2010). Nowadays IS is an integral part of organisations (Hertzum, 2021). With the advent of technology, everyone from regular citizens to multinational organisations has unparalleled access to information from a variety of sources, quickly and effortlessly (Mallaboyev et al., 2022). Although most organisations deploy baseline security procedures, the number of security incidents such as unauthorised attempts to access systems or data, phishing attacks, malware attacks, and denial-of-service (DoS) attacks is increasing (Ghelani, 2022; Saeed et al., 2023a; Saeed et al., 2023b). Organisations all over the world are discovering that they must constantly adopt new security measures, such as cybersecurity policies, to remain secure, competitive, market-ready, profitable, and relevant (Aydin & Pusatli, 2015; Chung et al., 2021). To mitigate security risks, Information Technology (IT) organisations should follow a set of rules and regulations known as policies (Hutchins & Britt, 2020) so that people within them know how to protect against misuse (Mishra et al., 2022). According to IS research, implementing Information Security Policies (ISP) remains a significant barrier for many organisations (Smith & Rupp, 2022). However, security is an ongoing concern in IT departments (Smith & Rupp, 2022).
As a result, security policies have become an important aspect of employee standards, laws, and best practices (Knapp et al., 2009). Scholars have investigated the application of cybersecurity policies from a socio-technical perspective, with varying results (Knapp et al., 2009; Aydin & Pusatli, 2015; Hasan et al., 2021; Alassaf & Alkhalifah, 2021).

Today, it seems evolving technology is engulfing every aspect of our civilisation (Alsharif et al., 2022). From artificial intelligence to smart devices, technology has an impact on almost every aspect of our lives. Cybercrime, identity theft, and data breaches, on the other hand, are becoming more widespread with increasing connectivity (Johnson, 2022). Most businesses employ technical information security countermeasures such as antivirus software, firewalls, anti-spyware software, virtual private networks (VPNs), vulnerability and patch management, data encryption in transit, and intrusion detection systems, but they are still subjected to targeted attacks on a regular basis (Ghelani, 2022). Although the security of the implementation process is severely threatened by technical considerations (Ogbanufe et al., 2021), hackers can quickly infiltrate networks and steal sensitive data by employing high-tech equipment and software (Johnson, 2022).
