The Influence of Information Security Policy Goal, Deterrence, and Trust on Organizational Commitment and Information Security Compliance

2021 ◽  
Vol 34 (2) ◽  
pp. 407-434
Author(s):  
Inho Hwang ◽  
Sungho Hu


2019 ◽  
Vol 120 (1) ◽  
pp. 231-247 ◽  
Author(s):  
Alex Koohang ◽  
Jonathan Anderson ◽  
Jeretta Horn Nord ◽  
Joanna Paliszkiewicz

Purpose: The purpose of this paper is to build an awareness-centered information security policy (ISP) compliance model, asserting that awareness is the key to ISP compliance and that awareness depends upon several variables that influence successful ISP compliance. Design/methodology/approach: The authors built a model with seven constructs, i.e., leadership, trusting beliefs, information security issues awareness (ISIA), ISP awareness, understanding resource vulnerability, self-efficacy (SE) and intention to comply. Seven hypotheses were stated. A sample of 285 non-management employees was used from various organizations in the USA. The authors used path modeling to analyze the data. Findings: The findings indicated that IS awareness depends on effective organizational leadership and elevated employees’ trusting beliefs. The understanding of resource vulnerability (URV) and SE are influenced by IS awareness resulting from effective leadership and elevated employees’ trusting beliefs which guide employees to comply with ISP requirements. Practical implications: Practical implications were aimed at organizations embracing an awareness-centered information security compliance program to secure organizations’ assets against threats by implementing various security education and training awareness programs. Originality/value: This paper asserts that awareness is central to ISP compliance. Leadership and trusting beliefs variables play significant roles in the information security awareness which in turn positively affect employees’ URV and SE variables leading employees to comply with the ISP requirements.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Martin Karlsson ◽  
Fredrik Karlsson ◽  
Joachim Åström ◽  
Thomas Denk

Purpose: This paper aims to investigate the connection between different perceived organizational cultures and information security policy compliance among white-collar workers. Design/methodology/approach: The survey using the Organizational Culture Assessment Instrument was sent to white-collar workers in Sweden (n = 674), asking about compliance with information security policies. The survey instrument is an operationalization of the Competing Values Framework that distinguishes between four different types of organizational culture: clan, adhocracy, market and bureaucracy. Findings: The results indicate that organizational cultures with an internal focus are positively related to employees’ information security policy compliance. Differences in organizational culture with regard to control and flexibility seem to have less effect. The analysis shows that a bureaucratic form of organizational culture is most fruitful for fostering employees’ information security policy compliance. Research limitations/implications: The results suggest that differences in organizational culture are important for employees’ information security policy compliance. This justifies further investigating the mechanisms linking organizational culture to information security compliance. Practical implications: Practitioners should be aware that the different organizational cultures do matter for employees’ information security compliance. In businesses and the public sector, the authors see a development toward customer orientation and marketization, i.e. the opposite of an internal focus, that may have negative ramifications for the information security of organizations. Originality/value: Few information security policy compliance studies exist on the consequences of different organizational/information cultures.


2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Chenhui Liu ◽  
Huigang Liang ◽  
Nengmin Wang ◽  
Yajiong Xue

Purpose: Employees’ information security policy (ISP) compliance exerts a significant strain on information security management. Drawing upon the compliance theory and control theory, this study attempts to examine the moderating roles of organizational commitment and gender in the relationships between reward/punishment expectancy and employees' ISP compliance. Design/methodology/approach: Using survey data collected from 310 employees in Chinese organizations that have formally adopted information security policies, the authors applied the partial least square method to test hypotheses. Findings: Punishment expectancy positively affects ISP compliance, but reward expectancy has no significant impact on ISP compliance. Compared with committed employees, both reward expectancy and punishment expectancy have stronger impacts on low-commitment employees' ISP compliance. As for gender differences, punishment expectancy exerts a stronger effect on females' ISP compliance than it does on males. Originality/value: By investigating the moderating roles of organizational commitment and gender, this paper offers a deeper understanding of reward and punishment in the context of ISP compliance. The findings reveal that efforts in building organizational commitment will reduce the reliance on reward and punishment, and further controls rather than the carrot and stick should be applied to ensure male employees' ISP compliance.


2015 ◽  
Vol 23 (1) ◽  
pp. 44-64 ◽  
Author(s):  
Pei-Lee Teh ◽  
Pervaiz K. Ahmed ◽  
John D'Arcy

Employees' information security policy (ISP) violations are a major problem that plagues organizations worldwide, particularly in the banking/financial sector. Research shows that employees use neutralization techniques to rationalize their ISP violating behaviors; it is therefore important to understand what leads to and influences these neutralization techniques. The authors' study draws upon social exchange theory to develop a set of factors that drive employees' neutralization of ISP violations. The model specifies previously untested relationships between job satisfaction, organizational commitment, role conflict, role ambiguity, and neutralization techniques. Using a sample of Malaysian banking employees, the authors found a positive relationship between role conflict and neutralization of ISP violations, whereas organizational commitment was negatively related to neutralization in this context. The authors' findings offer fresh insights for scholars and practitioners in dealing with the problem of employees' intentional ISP violations while extending the reach of neutralization theory beyond North American and European cultures.


2018 ◽  
Vol 2 (1) ◽  
pp. 13-28
Author(s):  
Daniel Koloseni ◽  
Chong Yee Lee ◽  
Gan Ming Lee

The success of organizational information security policies depends on employees’ continuous compliance from the time when they were first introduced into the organization. Hence, the purpose of this study is to investigate continuous compliance with information security policy among public organizations. Data were collected from 265 employees working in Tanzanian public organizations. Data analysis employed a Structural Equation Modelling (SEM) approach. The study found that organizational commitment, perceived susceptibility and perceived severity have a positive influence on employees’ continuance intention to comply with security policies, while perceived barriers have a negative influence. Moreover, perceived benefits, self-efficacy, cues and information security awareness have no significant influence. Based on these findings, recommendations were given. There is a paucity of empirical research which investigates key issues that may influence information security policy continuous compliance in organizations. This study addresses this research gap by integrating the Health Belief Model (HBM) with employees’ organizational commitment and information security awareness constructs to investigate information security policy continuance compliance in organizations.

