Compliance on BYOD security policies : an analysis on employees' perspective in Sri Lanakn IT industry

Abstract

BYOD is an emerging practice that organizations follow in the present world. BYOD brings a lot of advantages to organizations and people who practice it. Even though it has advantages this creates new security threats around it. To mitigate these security risks, organizations implement BYOD security policies and frameworks. For a successful implementation of these BYOD security policies, employee or end-user compliance is a significant factor. This study mainly focuses on understanding end- user perspectives towards these security policies in Sri Lankan IT industry employees. This study carried out a mixed approach to gather data for the study. Initially, data was gathered from the interviews and discussions carried out with representatives from IT organizations where BYOD is in practice in Sri Lanka. Then a survey questionnaire was distributed to capture end-user behavior and their opinions on this security policy compliance. This survey questionnaire was distributed among the employees working in the Sri Lankan IT industry. This study identified that Social influence, Perceived vulnerability, Awareness programs, Self-efficacy, Response efficacy, Employer support, and Perceived severity have a positive influence on an employee’s intention to comply with organizational BYOD security policies whereas Response cost has a negative influence.