The role of 'perceptions of information value' in information security compliance behaviour: a study in Brunei Darussalam's public organisations

It has been widely accepted that information is an asset and it needs to be protected. Many types of countermeasures were developed and implemented to ensure continuous protection of information where it is deemed necessary. Unfortunately, in many cases, breaches of security are the result of non-compliance behaviours of users or stakeholders of the system. These non-compliance behaviours increase the vulnerability of such system. Organisations are trying to improve their stakeholders compliance behaviour through different ways for example by providing necessary awareness, education and training and to the extent of providing rewards for healthy behaviours and reprimanding and penalising stakeholders for breaches of security. Despite all these efforts, information security breaches are still on the rise and many types of research have been done to understand this issue. It is postulated that an object is protected if it is appreciated. Appreciation of an object might relate to a value perceived by the owner in association with the object. For the similar reason, this thesis investigates the role of perceptions of information value in the context of its security. It is postulated that perceptions of information value could become an alternative way to understand information security compliance behaviour. Utilising a conceptual framework deduced from current literature to structurally analyse a list of research objectives, empirical evidence of the potential role of information perceived value in promoting better compliance behaviour have indeed been discovered. There is evidence that a perception of information value is developed through a systematic process of value assignment or information value assignment process. These processes are significant to the development of stakeholders intention to behave. The finding of this process has provided a platform for the organisation to understand the casual behind the information security behaviours displayed by stakeholders in the organisation. Further evidence has also suggested that the information value assignment is fuelled or influenced by several factors. These factors have provided a unique opportunity for the organisation to manipulate and nurture to have maximum impact on their information value assignment process, resulting in a possible improved intention to behave, thus, subsequently might affect the actual information security compliance behaviour.