What Drives Information Security Policy Violations among Banking Employees?

2015 ◽  
Vol 23 (1) ◽  
pp. 44-64 ◽  
Author(s):  
Pei-Lee Teh ◽  
Pervaiz K. Ahmed ◽  
John D'Arcy
Keyword(s):  
Organizational Commitment ◽  
Information Security ◽  
Role Conflict ◽  
Social Exchange ◽  
Security Policy ◽  
Role Ambiguity ◽  
Social Exchange Theory ◽  
Information Security Policy ◽  
Neutralization Theory ◽  
Neutralization Techniques

Employees' information security policy (ISP) violations are a major problem that plagues organizations worldwide, particularly in the banking/financial sector. Research shows that employees use neutralization techniques to rationalize their ISP violating behaviors; it is therefore important to understand what leads to and influences these neutralization techniques. The authors' study draws upon social exchange theory to develop a set of factors that drive employees' neutralization of ISP violations. The model specifies previously untested relationships between job satisfaction, organizational commitment, role conflict, role ambiguity, and neutralization techniques. Using a sample of Malaysian banking employees, the authors found a positive relationship between role conflict and neutralization of ISP violations, whereas organizational commitment was negatively related to neutralization in this context. The authors' findings offer fresh insights for scholars and practitioners in dealing with the problem of employees' intentional ISP violations while extending the reach of neutralization theory beyond North American and European cultures.

scholarly journals An Integrative Behavioral Model of Information Security Policy Compliance

2014 ◽  
Vol 2014 ◽  
pp. 1-12 ◽  
Author(s):  
Sang Hoon Kim ◽  
Kyung Hoon Yang ◽  
Sunyoung Park
Keyword(s):  
Information System ◽  
Information Security ◽  
Security Policy ◽  
System Security ◽  
Behavioral Model ◽  
Information Security Policy ◽  
Information System Security ◽  
Neutralization Theory ◽  
Information Security Policy Compliance ◽  
Security Policy Compliance

The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members’ neutralization intention to violate information security policy should be emphasized.

Ensuring employees' information security policy compliance by carrot and stick: the moderating roles of organizational commitment and gender

2021 ◽  
Vol ahead-of-print (ahead-of-print) ◽  
Author(s):  
Chenhui Liu ◽  
Huigang Liang ◽  
Nengmin Wang ◽  
Yajiong Xue
Keyword(s):  
Organizational Commitment ◽  
Information Security ◽  
Security Policy ◽  
Partial Least Square ◽  
Least Square ◽  
Information Security Policy ◽  
Content Type ◽  
Reward Expectancy ◽  
And Gender ◽  
Reward And Punishment

PurposeEmployees’ information security policy (ISP) compliance exerts a significant strain on information security management. Drawing upon the compliance theory and control theory, this study attempts to examine the moderating roles of organizational commitment and gender in the relationships between reward/punishment expectancy and employees' ISP compliance.Design/methodology/approachUsing survey data collected from 310 employees in Chinese organizations that have formally adopted information security policies, the authors applied the partial least square method to test hypotheses.FindingsPunishment expectancy positively affects ISP compliance, but reward expectancy has no significant impact on ISP compliance. Compared with committed employees, both reward expectancy and punishment expectancy have stronger impacts on low-commitment employees' ISP compliance. As for gender differences, punishment expectancy exerts a stronger effect on females' ISP compliance than it does on males.Originality/valueBy investigating the moderating roles of organizational commitment and gender, this paper offers a deeper understanding of reward and punishment in the context of ISP compliance. The findings reveal that efforts in building organizational commitment will reduce the reliance on reward and punishment, and further controls rather than the carrot and stick should be applied to ensure male employees' ISP compliance.

scholarly journals SECURITY POLICY COMPLIANCE IN PUBLIC INSTITUTIONS: AN INTEGRATIVE APPROACH

2018 ◽  
Vol 2 (1) ◽  
pp. 13-28
Author(s):  
Daniel Koloseni ◽  
Chong Yee Lee ◽  
Gan Ming Lee
Keyword(s):  
Organizational Commitment ◽  
Information Security ◽  
Security Policy ◽  
Structural Equation ◽  
Public Organizations ◽  
Security Policies ◽  
Integrative Approach ◽  
Security Awareness ◽  
Information Security Policy ◽  
Information Security Awareness

The success of organizational information security policies depends on employee’s continuous compliance from the time when it was first introduced into the organization. Hence, the purpose of this study is to investigate continuous compliance with information security policy among public organizations. Data were collected from 265 employees working in Tanzania public organizations. Data analysis employed a Structural Equation Modelling (SEM) approach. The study found that the effects of organizational commitment, perceived susceptibility and perceived severity have a positive influence on employee’s continuance intention to comply with security policies, while perceived barriers have a negative influence. Moreover, the effects of perceived benefits, self-efficacy, cues and information security awareness have no significant influence. Based on these findings, recommendations were given. There is a paucity of empirical research which investigates key issues that may influence information security policy continuous compliance in organizations. This study addresses this research gap, by integrating the Health Belief Model (HBM) with employee’s organizational commitment and information security awareness constructs to investigate information security policy continuance compliance in organizations.

Information security policy as an element of cyberspace protection

2021 ◽  
pp. 37-43
Author(s):  
M. M. Taraskin ◽  
S. A. Matyunin ◽  
Yu. I. Kovalenko
Keyword(s):  
Information Security ◽  
Security Policy ◽  
Information Security Policy

scholarly journals Validity of information security policy models

2004 ◽  
Vol 16 (3) ◽  
pp. 263-274 ◽  
Author(s):  
Joshua Onome Imoniana
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Security Policy ◽  
Chief Executive ◽  
Theoretical Models ◽  
Information Security Policy ◽  
Security Officer ◽  
Continuity Planning ◽  
Policy Models ◽  
Inclusive Business

Validity is concerned with establishing evidence for the use of a method to be used with a particular set of population. Thus, when we address the issue of application of security policy models, we are concerned with the implementation of a certain policy, taking into consideration the standards required, through attribution of scores to every item in the research instrument. En today's globalized economic scenarios, the implementation of information security policy, in an information technology environment, is a condition sine qua non for the strategic management process of any organization. Regarding this topic, various studies present evidences that, the responsibility for maintaining a policy rests primarily with the Chief Security Officer. The Chief Security Officer, in doing so, strives to enhance the updating of technologies, in order to meet all-inclusive business continuity planning policies. Therefore, for such policy to be effective, it has to be entirely embraced by the Chief Executive Officer. This study was developed with the purpose of validating specific theoretical models, whose designs were based on literature review, by sampling 10 of the Automobile Industries located in the ABC region of Metropolitan São Paulo City. This sampling was based on the representativeness of such industries, particularly with regards to each one's implementation of information technology in the region. The current study concludes, presenting evidence of the discriminating validity of four key dimensions of the security policy, being such: the Physical Security, the Logical Access Security, the Administrative Security, and the Legal & Environmental Security. On analyzing the Alpha of Crombach structure of these security items, results not only attest that the capacity of those industries to implement security policies is indisputable, but also, the items involved, homogeneously correlate to each other.

Sign in / Sign up

Export Citation Format

Share Document