A Conceptual Framework for Exploring the Factors Influencing Information Security Policy Compliance in Emerging Economies

Information security is an important aspect of every organisation today, specifically in Sub Saharan African (SSA) countries whose economies are perceived to be a growing home ground for cyber criminals. Whilst studies on information security policies (ISP) have offered understanding as to why threat agents do not comply with ISP; this understanding comes mainly from the developed economies, thereby giving a generalised view of ISP compliance. This study identifies the factors influencing ISP compliance within emerging economies of SSA. Following a literature review synthesis of the information security terrain, the findings show that ISP compliance is influenced by three main factors of individual characteristics, organisational and environment characteristics. Further, the findings show how the lack of institutional structures that require organisation to abide to both normative and cohesive pressure; influences organisations not to seek information security legitimacy This then influences how threat agents respond to ISP compliance. The implications of these findings for practice and policy are highlighted.