The effects of moral disengagement and organizational ethical climate on insiders’ information security policy violation behavior

2019, Vol 32 (4), pp. 973-992
Author(s): Hao Chen, Patrick Y.K. Chau, Wenli Li

Purpose: The purpose of this paper is to develop a model that integrates moral disengagement (MD) and organizational ethical climate (OEC) to understand information security policy (ISP) violation behavior in the workplace. This study extends prior work by identifying the moderating mechanisms of the ethical culture of OECs in the relationship between employees’ MD and ISP violation behavior intention. Design/methodology/approach: By using scenario-based survey data from 433 employees in Chinese enterprises and by applying PLS-based structural equation modeling, the authors test a series of hypotheses. Findings: Our empirical results highlight that the concept of MD has a significant effect on employees’ intention to violate ISPs. The authors also find that the OEC has a moderating role in the relationship between MD and ISP violation intention: the moderating role of law-and-rule-oriented OEC is significantly negative, but instrumentalism-oriented OEC positively moderates this relationship. Originality/value: This study contributes to the literature on information security behavior by integrating two ethical theory frameworks MD and OECs into one theoretical model, and it calls attention to how ethical factors at the individual cognition level and organizational climate level work together to influence personal information security behavior. This study provides a new perspective of OEC from which to understand policy violation caused by moral self-regulation failure, and empirically explores its moderating role.


2020, Vol 30 (5), pp. 1383-1405
Author(s): Bowen Guan, Carol Hsu

Purpose: The purpose of this paper is to investigate the association between abusive supervision and employees' information security policy (ISP) noncompliance intention, building on affective commitment, normative commitment and continuance commitment. The study also examines the moderating effect of perceived certainty and severity of sanctions on the relationship between the three dimensions of organizational commitment and ISP noncompliance intention. Design/methodology/approach: Survey methodology was used for data collection through a well-designed online questionnaire. Data was analyzed using the structural equation model with Amos v. 22.0 software. Findings: This study demonstrates that abusive supervision has a significant, negative impact on affective, normative and continuance commitment, and the three dimensions of organizational commitment are negatively associated with employees' ISP noncompliance intention. Results also indicate that the moderating effect of perceived severity of sanctions is significant, and perceived certainty of sanctions plays a positive moderating role in the relationship between affective commitment and employees' ISP noncompliance intention. Practical implications: Findings of this research are beneficial for organizational management in the relationships between supervisors and employees. These results provide significant evidence that avoiding abusive supervision is important in controlling employees' ISP noncompliance behavior. Originality/value: This research fills an important gap in examining employees' ISP noncompliance intentions from the perspective of abusive supervision and the impact of affective, normative and continuance commitment on ISP noncompliance. The study is also of great value for information systems research to examine the moderating role of perceived certainty and severity of sanctions.


2021, Vol 11 (8), pp. 3383
Author(s): Rao Faizan Ali, P. D. D. Dominic, Syed Emad Azhar Ali, Mobashar Rehman, Abid Sohail

A grave concern to an organization’s information security is employees’ behavior when they do not value information security policy compliance (ISPC). Most ISPC studies evaluate compliance and noncompliance behaviors separately. However, the literature lacks a comprehensive understanding of the factors that transform the employees’ behavior from noncompliance to compliance. Therefore, we conducted a systematic literature review (SLR), highlighting the studies done concerning information security behavior (ISB) towards ISPC in multiple settings: research frameworks, research designs, and research methodologies over the last decade. We found that ISPC research focused more on compliance behaviors than noncompliance behaviors. Value conflicts, security-related stress, and neutralization, among many other factors, provided significant evidence towards noncompliance. At the same time, internal/external and protection motivations proved positively significant towards compliance behaviors. Employees perceive internal and external motivations from their social circle, management behaviors, and organizational culture to adopt security-aware behaviors. Deterrence techniques, management behaviors, culture, and information security awareness play a vital role in transforming employees’ noncompliance into compliance behaviors. This SLR’s motivation is to synthesize the literature on ISPC and ISB, identifying the behavioral transformation process from noncompliance to compliance. This SLR contributes to information system security literature by providing a behavior transformation process model based on the existing ISPC literature.


2021, Vol 14 (1), pp. 44
Author(s): Cartmell Warrington, Javaid Syed, Ruth M. Tappin

The Big Five Factors Model (FFM) of personality traits theory was tested for its ability to explain employee information security behavior (EISB), when age, measured by generational cohort (GCOHORT), moderated the relationship between the independent variables (IVs) extraversion, agreeableness, conscientiousness, emotional stability, intellect (EACESI) and the dependent variable (DV), employees’ information security behavior (EISB), which is measured by file protection behavior (FPB). Three age groups defined GCOHORT: 52–70 yrs old (1946–1964, Baby Boomers), 36–51 yrs old (1965–1980, Generation X), and 18–35 yrs old (1981–1998, Millennial). Results of hierarchical multiple regression analyses revealed statistically significant relationships between overall personality traits, four individual factors of personality traits, and the DV (p < .05). However, contrary to expectations, GCOHORT did not moderate the relationship between any of the main IVs and the DV (p > .05). Recommendations for future research are offered.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Joon-Hee Oh, Wesley J. Johnston, Carolyn Folkman Curasi

Purpose: The purpose of this paper is to attempt to better understand the relationship between organizational ethical climate, the internalization of ethical codes (INT), perceived control and business-to-business (B2B) and retail salesperson job performance. This research develops and tests a model that examines these relationships to better understand the relationship of these variables to salesperson job performance. Design/methodology/approach: Using the theory of planned behavior (Ajzen, 2002) as the theoretical lens and survey data from 307 salespeople in the USA, this study examines the relationship between organizational ethical climate, salesperson perceived control and salesperson job performance. This study examines whether this relationship may change with the presence of intervening variables related to a strengthened organizational ethical climate, and examines the relationship between these variables in two different analyses. First, this study examines the differences among retail salespeople as compared to B2B salespeople. Then this study examines the total dataset of salespeople as one sample. Findings: The findings show that the positive effect of organizational ethical climate on the job performance of salespeople was reduced significantly when salespersons’ INT and salesperson perceived controllability were examined in this relationship. Practical implications: Organizational controls, such as an ethical climate within a firm, can impact salesperson job performance, especially if the firm’s ethical climate causes the salesteam to feel that it lessens their perceived control. This study found that if the ethical climate reduces the salespeople’s feelings of self-efficacy, that the ethical climate changes can intervene and can significantly reduce the otherwise positive effect of the organizational ethical climate on salesperson job performance. Originality/value: From a theoretical perspective, the research is distinctive in its endeavor to better understand the relationship between the role of salespersons’ ethical code internalization and their feelings of self-efficacy and perceived control. This paper then examines how these variables can be influential to the direct effect of organizational ethical control and can impact the job performance of salespeople. The findings contribute to research by advancing our knowledge of how we can enhance the responses of salespeople to an organization’s ethical control, leading to higher customer satisfaction and improved sales performance.


2019, Vol 32 (4), pp. 858-875
Author(s): Hyungjin Lukas Kim, Jinyoung Han

Purpose: The purpose of this paper is to investigate the impact of corporate social responsibility (CSR) on employees’ compliance behavior concerning information security policy (ISP). A research model includes CSR activities as an antecedent of ISP compliance and as a mediator of the relationship between ISP compliance intention and the perceived costs of compliance. Design/methodology/approach: In total, 162 respondents were surveyed from organizations with more than 500 employees. This study used partial least squares (SmartPLS 3.0) to analyze and examine hypotheses. Findings: The results show CSR’s influence as a mediator in the context of ISP compliance. In particular, moral CSR can affect employees’ ISP compliance intention positively and fully mediate the relationship between the costs of compliance and ISP compliance intention. Employees would like to comply with ISP when they recognize the benefits of ISP compliance and the costs of ISP noncompliance. Originality/value: This study examines influential factors on ISP compliance considering cost-benefit factors from rational choice theory. Moreover, the study contributes to ISP compliance research by being the first attempt to consider CSR in an ISP compliance research context. The results provide insights on how to strategically implement CSR activities in terms of organizational information security.


2020, Vol 31 (2), pp. 21-41
Author(s): Canchu Lin, Anand S. Kunnathur, Long Li

Past behavior research overwhelmingly focused on information security policy compliance and underexplored the role of organizational context in shaping information security behaviors. To address this research gap, this study integrated two threads of literature: organizational culture, and information security behavior control, and proposed a framework that integrates mid-range theories used in empirical research, connects them to organizational culture, and predicts its role in information security behavior control. Consistent with the cultural-fit perspective, this framework shows that information security policy compliance fits hierarchical culture and the approach of promoting positive, proactive, and emerging information security behaviors fits participative culture. Contributions and practical implications of this framework, together with future research directions, are discussed.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Thiagarajan Ramakrishnan, Dwight M. Hite, Joseph H. Schuessler, Victor Prybutok

Purpose: Information security is a growing issue that impacts organizations in virtually all industries, and data breaches impact millions of customers and cost organizations millions of dollars. Within the past several years alone, huge data breaches have been experienced by organizations such as Marriott, Equifax, eBay, JP Morgan Chase, Home Depot, Target and Yahoo, the latter of which impacted three billion users. This study aims to examine the utilization of pre-employment screening to identify potential hires that may require enhanced information security training to avoid such costs. Design/methodology/approach: The authors hypothesize that an individual’s work ethic predicts a person’s information security behavior. The authors test this hypothesis using structural equation modeling with bootstrapping techniques. Findings: Data analysis suggests that certain dimensions of work ethic do indeed predict information security posture, and thus, simple pre-employment screening techniques (i.e. questionnaires) can aid in identifying potential security threats. Practical implications: The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires. Originality/value: The findings provide a tool for identifying problematic employee security posture prior to hiring, which may be useful in identifying training needs for new hires.


2021, Vol ahead-of-print (ahead-of-print)
Author(s): Kavya Sharma, Xinhui Zhan, Fiona Fui-Hoon Nah, Keng Siau, Maggie X. Cheng

Purpose: Phishing attacks are the most common cyber threats targeted at users. Digital nudging in the form of framing and priming may reduce user susceptibility to phishing. This research focuses on two types of digital nudging, framing and priming, and examines the impact of framing and priming on users' behavior (i.e. action) in a cybersecurity setting. It draws on prospect theory, instance-based learning theory and dual-process theory to generate the research hypotheses. Design/methodology/approach: A 3 × 2 experimental study was carried out to test the hypotheses. The experiment consisted of three levels for framing (i.e. no framing, negative framing and positive framing) and two levels for priming (i.e. with and without priming). Findings: The findings suggest that priming users to information security risks reduces their risk-taking behavior, whereas positive and negative framing of information security messages regarding potential consequences of the available choices do not change users' behavior. The results also indicate that risk-averse cybersecurity behavior is associated with greater confidence with the action, greater perceived severity of cybersecurity risks, lower perceived susceptibility to cybersecurity risks resulting from the action and lower trust in the download link. Originality/value: This research shows that digital nudging in the form of priming is an effective way to reduce users' exposure to cybersecurity risks.

