Akankhya Panda

DOI: https://doi.org/10.55041/ijsrem25258

2023-08-16

INTERANTIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT

Abstract:In work settings, different leadership styles significantly impact employee well-being, potentially leading to improved health or heightened stress levels. This research posits that leadership focused on providing security can serve as a crucial asset in mitigating employee job burnout. The study explores the correlation between employees' perceptions of their leaders' security-oriented leadership and their experience of job-related burnout. This research explores how security- providing leaders impact burnout, highlighting the mediating roles of organizational climate (psychological safety) and organizational dehumanization. The study surveyed 655 Spanish employees (53.7% women) through non- discriminative snowball sampling. Using Partial Least Squares Structural Equation Modeling (PLS-SEM), results confirm a negative link between security-providing leadership and burnout. The study also finds that this relationship is influenced by psychological safety climate and organizational dehumanization. These findings support attachment-based leadership, indicating ways to create better organizational environments. Leaders focusing on security enhance employee well-being by promoting psychological safety and reducing organizational dehumanization, thus mitigating job burnout. Key Words: leadership; attachment theory; security provider; organizational climate; organizational dehumanization, burnout.

Kholekile L. Gwebu,Jing Wang,Michael Y. Hu

DOI: https://doi.org/10.1111/isj.12257

2020-01-01

Abstract:Despite the significant advancements made in understanding the factors that drive employees' compliance and noncompliance behaviours with information security policy (ISP), less is known about how different factors interact to impact such behaviours. Having been drawn on the social information processing theory, this research develops an integrative model that investigates how ethical work climate, beliefs, and neutralization interact to jointly explain ISP noncompliance. The model is tested via a survey of a broad cross section of employees. Neutralization, perceived cost of compliance, and perceived cost of noncompliance are found to significantly impact ISP noncompliance. Egoistic, benevolent, and principled climates are found to differentially influence neutralization and individuals' cognitive beliefs about the cost and benefit of ISP compliance versus noncompliance. Neutralization appears to be a more important moderator of the belief‐noncompliance relationship than the principled climate.

Xue Yang,Wei T. Yue,Choon Lin Sia

DOI: https://doi.org/10.1007/978-3-642-29873-8_17

2012-01-01

Abstract:IS security policy is one of the essential tools to ensure the secure use of information systems and technological assets. To enhance the effectiveness of policy implementation, organizations rely on security training, education and awareness (STEA) programs to help employees understand the IS security issues of the organization. However, different levels of STEA informativeness may have conflicting effects on employees' compliance decisions. In addition, the urgency of a task may also lead employees to abandon the compliance decision occasionally. The existing corporate information security policy (ISP) could also serve as a deterrence message that would influence compliance decisions. An experimental survey was conducted to examine this phenomenon and test the related hypotheses. The results of this study can be used to inform and guide researchers and practitioners as to how to better enforce an IS security policy through better implementation of STEA programs and improved design of ISP in different task scenarios.

Saif Hussein Abdallah Alghazo,Norshima Humaidi,Shereen Noranee

DOI: https://doi.org/10.22610/imbr.v15i1(i)si.3408

2023-05-11

Information Management and Business Review

Abstract:Cybersecurity threats are a serious issue faced by many organizations in this new information era. Therefore, security leaders play a significant role not only to ensure that all their employees are practicing good security behavior to protect organizational information assets but also to ensure that security technology has been installed properly to protect network infrastructure. This study aims to examine cybersecurity protective behavior (CPB) among employees in the organization and focus on the role of leadership competencies and information security countermeasure awareness. The questionnaires were distributed via email and self-administered, and the study managed to obtain 245 responses. Partial Least Squares-Structural Equation Modeling (PLS-SEM) analysis was used to analyze the final data. Confirmatory factor analysis (CFA) testing shows that all the measurement items of each construct were adequate in their validity individually based on their factor loading value. Moreover, each construct is valid based on its parameter estimates and statistical significance. The research findings show that Procedural Information Security Countermeasure (PCM) awareness strongly influences CPB compared to a leader's information security competencies (ISI). Meanwhile, ISI significantly influences PCM awareness. This study adapts the theory of leadership competencies in the context of cybersecurity, which is particularly beneficial to any industry in improving organizational information security strategic plans.

Soohyun Jeon,Insoo Son,Jinyoung Han

DOI: https://doi.org/10.1108/itp-05-2018-0256

2020-05-12

Information Technology and People

Abstract:Purpose Employee compliance with information system security policies (ISSPs) has been emphasized as a key factor in protecting information assets against insider threats. Even though previous studies have identified extrinsic factors (in the form of external pressure, rewards and social norms) influencing employee compliance, the functioning of employees' intrinsic motivation has not been clearly analyzed. Thus, the aim of this study is to explore the influence of intrinsic motivations on employees' ISSP compliance. Design/methodology/approach This study follows a survey approach and conducts structural equation modeling using WarpPLS 5.0 to test the research model and hypotheses. The survey respondents are users of an enterprise digital rights management (EDRM) system. Findings The analysis results demonstrate that work impediments, perceived responsibility and self-efficacy significantly influence the intention to comply with ISSP. Additionally, autonomy significantly affects self-efficacy and perceived responsibility. Furthermore, autonomy plays a moderating role in the relationship between work impediment and ISSP compliance intentions. Originality/value This study initiatively explores the effect of intrinsic motivations on ISSP compliance intention of employees for a specific information security system (i.e. the EDRM system). This study clarifies the enabling role of intrinsic motivations in ISSP compliance and helps organizations to understand that employee's self-motivated intention, i.e. autonomy, is an essential factor that achieves a higher level of ISSP compliance in the workplace.

information science & library science

Alex Koohang,Alojzy Nowak,Joanna Paliszkiewicz,Jeretta Horn Nord

DOI: https://doi.org/10.1080/08874417.2019.1668738

2019-12-19

Journal of Computer Information Systems

Abstract:The purpose of this study was to find out which one of the four selected predictor variables, i.e., leadership, trusting beliefs, role values, and information security policy awareness are most influential in predicting employees' intention to comply with organizational information security policy. An instrument with five constructs was administered to subjects from a higher-education university in the USA. Collected data were methodically examined through multiple regression analysis. Results indicated that all four predictor variables were influential in predicting employees' intention to comply with organizational information security policy requirements. Implications of the findings are discussed and recommendations for future research are made.

computer science, information systems

Xiaofeng Chen,Liqiang Chen,Dazhong Wu

DOI: https://doi.org/10.1080/08874417.2016.1258679

2016-12-27

Journal of Computer Information Systems

Abstract:Information security policy (ISP) plays an important role in information security management in organizations. Past research investigated various factors that may impact employee behavior toward security policy compliance from the perspective of general deterrence theory (GDT), protection and motivation Theory (PMT), and rational choice theory (RCT). However, there is no unifying foundation/framework that examines all of those factors in a harmonic way so that the research findings can guide information security practices and research into the employee ISP compliance management context. Additionally, prior findings provided mixed results. This study proposes a research model based on the awareness-motivation-capability (AMC) framework, aiming to unify the factors to predict employee ISP compliance intention. We believe that a harmonic approach in managing employee ISP compliance can create optimal outcomes.

computer science, information systems

Mansour Naser Alraja,Usman Javed Butt,Maysam Abbod

DOI: https://doi.org/10.1016/j.cose.2023.103208

IF: 5.105

2023-06-01

Computers & Security

Abstract:Information security threats have a severe negative impact on enterprises. Organizations rely on employee compliance with information security policies to eliminate or reduce these hazards. The Unified Model of Information Security Policies Compliance (UMISPC) is employed to identify the factors that may affect employees' intention towards compliance with information systems security policy and reactance in a global setting. The study was assessed in two phases. The model's validity and measurement reliability were evaluated in the first phase, while in the second phase, all preliminary model relationships were appraised. This was achieved utilizing structural equation modelling to establish whether the proposed constructs, i.e. neutralization, response efficacy, fear, threat, habit and role values were good predictors for intention or reactance towards compliance with information systems security policy. Participants included 348 employees from 7 nations, i.e. the USA, the UK, Oman, India, Pakistan, Malaysia, and the Philippines. SmartPLS v. 3.3.9 was used for data analysis. The models' measurement reliability and validity were affirmed. Fear and role values have a significant influence on intention toward ISPC. RE significantly predicted threat which in turn significantly predicted fear, and the latter demonstrated a significant effect on reactance as well as Neutralization predicted reactance. In contrast, habit failed to reach a significant influence on intention towards ISPC. The implications are presented, together with proposals for further studies. Our findings are helpful for ISS literature and application by supporting the crucial functions of role values in encouraging employees to behave in a compliant manner. Additionally, it is regarded as the first empirical attempt to estimate intended compliance concerning ISPs in higher education from a worldwide viewpoint.

computer science, information systems

Chao-Min Chiu,Hsiang-Lan Cheng,Jack Shih-Chieh Hsu,Chiew Mei Tan,Chiung Hui Huang

DOI: https://doi.org/10.1080/10447318.2024.2422757

IF: 4.92

2024-11-20

International Journal of Human-Computer Interaction

Abstract:Drawing upon the attitude theory, this study theorizes that commitment affects loafing behaviors and ISP compliance. Further, drawing upon the transfer theory, this study adopts the concepts of loafing and commitment transfer in order to explore whether social loafing will enhance employee cyberloafing and whether organizational commitment can enhance ISP commitment, both of which, in turn, influence ISP compliance intention. This study utilized structural equation modeling (SEM) to analyze survey data collected in July 2023 from 361 Taiwanese individuals affiliated with organizations or companies. The results show that social loafing has a strong positive effect on cyberloafing, which, in turn, has a strong negative effect on ISP compliance intention. Organizational commitment has a strong positive effect on ISP commitment, which, in turn, has a strong positive effect on ISP compliance intention. In addition, distortion of consequences moderates the relationship between social loafing and cyberloafing. Advantageous comparison moderates the relationship between cyberloafing and ISP compliance intention.

computer science, cybernetics,ergonomics

Carlos I. Torres,Robert E. Crossler

DOI: https://doi.org/10.1287/isre.2021.0563

IF: 4.9

2024-07-01

Information Systems Research

Abstract:Organizations worldwide face critical concerns related to cybersecurity threats and information security policy (ISP) compliance. Even though humans are the weakest link in the cybersecurity chain, information security professionals understand the importance of promoting individual information security behaviors because employees are also the first line of defense against ever-increasing cyber threats. Despite a recent trend of working from home, organizations do not make significant differences in their information security interventions for remote workers, relying mainly on VPNs as the only used tool, essentially making employees follow in-office standard information security policies because they are “virtually in-office.” Our study suggests that organizations need to recognize the unique context of remote work and consider personal motivations when shaping information security practices. Furthermore, our study indicates that in order to motivate remote employees to follow secure information security practices, organizations should consider personal characteristics instead of focusing on generic interventions. For instance, our study compares onsite and remote workers, suggesting that personal values are more relevant in remote work settings. Our findings exemplify just one of the many potential personal characteristics to be considered, highlighting how personal values are important motivators for ISP compliance and how they differ for onsite and remote workers in their importance when following information security rules.

information science & library science,management

Ying Li,Ting Pan,Nan Zhang,Nan (Andy) Zhang

DOI: https://doi.org/10.1108/jeim-01-2019-0018

2019-09-23

Journal of Enterprise Information Management

Abstract:Purpose This paper is to investigate how employees respond to information security policies (ISPs) when they view the policies as a challenge rather than a hindrance to work. Specifically, the authors examine the roles of challenge security demands (i.e. continuity and mandatory) and psychological resources (i.e. personal and job resources) in influencing employees’ ISP non-compliance. Design/methodology/approach Applying a hypothetical scenario-based survey method, the authors tested our proposed model in six typical ISPs violation scenarios. In sum, 347 responses were collected from a global company. The data were analyzed using partial least square-based structural equation model. Findings Findings indicated that continuity and mandatory demands increased employees’ level of perseverance of effort, which, in turn, decreased their ISPs non-compliance intention. In addition, job resources, such as the trust enhancement gained from co-workers and the opportunities for professional development, enhanced the perseverance of effort. Practical implications The findings offer implications to practice by suggesting that organizations should design training programs to persuade employees to understand the ISPs in a positive way. Meanwhile, organizations should encourage employees to invest more personal resources by creating a trusting atmosphere and providing them opportunities to learn security knowledge and skills. Originality/value This study is among the few to empirically explore how employees respond and behave when they view the security policies as challenge stressors. The paper also provides a novel understanding of how psychological resources contribute to buffering ISP non-compliance.

information science & library science,management

Inho Hwang,Robin Wakefield,Sanghyun Kim,Taeha Kim

DOI: https://doi.org/10.1080/08874417.2019.1650676

2019-08-13

Journal of Computer Information Systems

Abstract:In this study, we use the attentional phase of social learning theory to link workplace security-related experiences and observations to employees' security awareness. The responses of 398 organizational employees serve to test our research model using structural equational modeling with AMOS 22.0. The results show security awareness arises from both explicit and subjective security experiences in the workplace. Our respondents indicate knowledge of a physical system has little, if any, effect on security awareness. However, security education, policy, visibility and managerial security participation are important for producing security awareness. Furthermore, managerial participation strengthens the links between organizational security efforts and security awareness. We discuss the implications of our study for future security compliance research and practice.

computer science, information systems

Wenqin Li,Rongmin Liu,Linhui Sun,Zigu Guo,Jie Gao

DOI: https://doi.org/10.3390/ijerph192316038

IF: 4.614

2022-12-01

International Journal of Environmental Research and Public Health

Abstract:Employee security compliance behavior has become an important safeguard to protect the security of corporate information assets. Focusing on human factors, this paper discusses how to regulate and guide employees' compliance with information security systems through effective methods. Based on protection motivation theory (PMT), a model of employees' intention to comply with the information security system was constructed. A questionnaire survey was adopted to obtain 224 valid data points, and SPSS 26.0 was applied to verify the hypotheses underlying the research model. Then, based on the results of a regression analysis, fuzzy set qualitative comparative analysis (fsQCA) was used to explore the conditional configurations that affect employees' intention to comply with the information security system from a holistic perspective. The empirical results demonstrated that perceived severity, perceived vulnerability, response efficacy, and self-efficacy all positively influenced the employees' intention to comply with the information security system; while rewards and response costs had a negative effect. Threat appraisal had a greater effect on employees' intention to comply with the information security system compared to response appraisal. The fsQCA results showed that individual antecedent conditions are not necessary to influence employees' intention to comply with an information security system. Seven pathways exist that influence an employees' intention to comply with an information security system, with reward, self-efficacy, and response cost being the core conditions having the highest probability of occurring in each configuration of pathways, and with perceived severity and self-efficacy appearing in the core conditions of configurations with an original coverage greater than 40%. Theoretically, this study discusses the influence of the elements of PMT on employees' intention to comply with an information security system, reveals the mechanism of influence of the combination of the influencing factors on the outcome variables, and identifies the core factors and auxiliary factors in the condition configurations, providing a new broader perspective for the study of information security compliance behavior and providing some theoretical support for strengthening enterprise security management. Practically, targeted suggestions are proposed based on the research results, to increase the intention of enterprise employees to comply with information security systems, thereby improving the effectiveness of enterprise information security management and the degree of information security in enterprises.

public, environmental & occupational health,environmental sciences

Kuang-Ming Kuo,Paul C. Talley,Dyi-Yih Michael Lin

DOI: https://doi.org/10.1177/00469580211029599

2021-01-01

Abstract:Information security has come to the forefront as an organizational priority since information systems are considered as some of the most important assets for achieving competitive advantages. Despite huge capital expenditures devoted to information security, the occurrence of security breaches is still very much on the rise. More studies are thus required to inform organizations with a better insight on how to adequately promote information security. To address this issue, this study investigates important factors influencing hospital staff’s adherence to Information Security Policy (ISP). Deterrence theory is adopted as the theoretical underpinning, in which punishment severity and punishment certainty are recognized as the most significant predictors of ISP adherence. Further, this study attempts to identify the antecedents of punishment severity and punishment certainty by drawing from upper echelon theory and well-acknowledged international standards of IS security practices. A survey approach was used to collect 299 valid responses from a large Taiwanese healthcare system, and hypotheses were tested by applying partial least squares-based structural equation modeling. Our empirical results show that Security Education, Training, and Awareness (SETA) programs, combined with internal auditing effectiveness are significant predictors of punishment severity and punishment certainty, while top management support is not. Further, punishment severity and punishment certainty are significant predictors of hospital staff’s ISP adherence intention. Our study highlights the importance of SETA programs and internal auditing for reinforcing hospital staff’s perceptions on punishment concerning ISP violation, hospitals can thus propose better internal strategies to improve their staff’s ISP compliance intention accordingly.

Fengjiao Zheng,Naseer Abbas Khan,Muhammad Waseem Abbas Khan

DOI: https://doi.org/10.3389/fpsyg.2021.708016

IF: 3.8

2021-10-11

Frontiers in Psychology

Abstract:During the COVID-19 pandemic, enterprises were obliged to employ social media and digital tools to complete ordinary work. The pandemic has created a series of complexities and challenges, which have hampered harmonic contact between leaders and followers. The indirect relationship between unethical leadership and extra-role behavior (EXB) via psychological empowerment (PYE) is investigated in this study. We also look into the role of perceived organizational support (POS) as a moderator in the link between unethical leadership and PYE, as well as the indirect link between unethical leadership and EXB. Data were obtained from 258 supervisor–employee dyads from various small- and mid-sized information technology (IT) enterprises using time lag data. Unethical leadership has an impact on employee psychological empowerment as well as EXB. The findings of this study indicated that POS also mitigated the negative consequences of unethical leadership on employee psychological empowerment. Similarly, the role of psychological empowerment as a mediator in the link between unethical leadership and employee EXB is influenced by POS. This study will also benefit researchers and practitioners interested in human resource practices in the IT industry.

psychology, multidisciplinary

Junaid Aftab,Huma Sarwar,Alina Kiran,Muhammad Imran Qureshi,Muhammad Ishtiaq Ishaq,Sadaf Ambreen,Arqam Javed Kayani,Junaid Aftab,Huma Sarwar,Alina Kiran,Muhammad Imran Qureshi,Muhammad Ishtiaq Ishaq,Sadaf Ambreen,Arqam Javed Kayani

DOI: https://doi.org/10.1108/ijoem-07-2021-1121

IF: 3.422

2022-04-19

International Journal of Emerging Markets

Abstract:Purpose In the 21st century, spirituality is becoming an interesting phenomenon in the workplace and has been discussed by academicians, researchers, and practitioners alike. This growing knowledge offers important insights and calls for conceptual and empirical studies on workplace spirituality. Accordingly, the current research aims to examine how ethical leadership (EL) helps to foster workplace spirituality and job satisfaction (JS) in the information technology (IT) industry. Additionally, it investigates the mediating role of workplace spirituality and moderating role of self-efficacy (SE) in the relationship between EL and JS. Design/methodology/approach Using a cross-sectional design, the data were collected from 268 employees in the IT industry and analyzed on SmartPLS 3.2 using structural equation modeling. Findings The findings indicated that EL promotes a sense of spirituality and increases JS. Additionally, results suggested that workplace spirituality partially mediates, and SE moderates the relationship between EL and JS. Practical implications The results suggest that the top executives should work on identifying and developing ethical qualities to promote a sense of meaningfulness (workplace spirituality) and increase JS. Originality/value The research provides an important contribution to the academic literature by exploring the role of EL in fostering spirituality among employees and the moderation of SE on the relationship between EL and JS in the services industry.

management,business,economics

Jian Peng,Nan Hou,Yanchun Zou,Ruizhi Long

DOI: https://doi.org/10.1016/j.im.2023.103878

IF: 10.328

2023-10-29

Information & Management

Abstract:The antecedents of employees' cyberloafing (internet use for nonwork purposes during office hours) have become a burgeoning research topic. This research therefore explores how and when participative leadership serves as an important antecedent to employees' cyberloafing. Drawing upon self-concept-based theory, we hypothesize that participative leadership can reduce the cyberloafing of employees with a high need for power by increasing their organization-based self-esteem (OBSE). Analyzing survey data from 212 employee-coworker dyads, we have found that participative leadership is positively related to employees' OBSE, which, in turn, is negatively related to employees' cyberloafing. Moreover, employees' need for power strengthens the relationship between participative leadership and employees' OBSE as well as the indirect relationship between participative leadership and employees' cyberloafing through their OBSE. These relationships are significant (versus nonsignificant) when employees' need for power is high (versus low). Accordingly, this research identifies a novel predictor of employees' cyberloafing and offers insights for organizational leaders aiming to manage employees' cyberloafing wisely.

information science & library science,management,computer science, information systems

Yunsook Hong,Min-Jik Kim,Young Woo Sohn

DOI: https://doi.org/10.3390/su151813910

IF: 3.9

2023-09-20

Sustainability

Abstract:While numerous studies have delved into the ramifications of job insecurity for organizational outcomes, past endeavors have not adequately unveiled the mediating and moderating factors in the connection between job insecurity and safety behavior, especially from a positive psychology standpoint. Furthermore, the interaction between organizational leadership and job insecurity has been underexplored, despite the critical role of leaders during periods of job insecurity. Addressing these research gaps, we have devised a theoretical framework suggesting that meaningfulness of work might act as an intermediary in the link between job insecurity and safety behavior. We also hypothesize that ethical leadership might mitigate the adverse effects of job insecurity on the meaningfulness of work. Data were collected three separate times from 235 employees in the Republic of Korea. Our empirical evidence substantiates that meaningfulness of work indeed serves as a bridge between job insecurity and safety behavior. Additionally, the presence of ethical leadership moderates the interrelation between job insecurity and meaningfulness of work positively, attenuating the detrimental influence of job insecurity. These insights emphasize the fundamental roles of both meaningfulness of work (as a mediator) and ethical leadership (as a moderator) in defining the nexus between job insecurity and safety behavior.

environmental sciences,environmental studies,green & sustainable science & technology

Aristotle Onumo,Irfan Ullah-Awan,Andrea Cullen

DOI: https://doi.org/10.1145/3424282

2021-06-01

ACM Transactions on Management Information Systems

Abstract:The increase in cybersecurity threats and the challenges for organisations to protect their information technology assets has made adherence to organisational security control processes and procedures a critical issue that needs to be adequately addressed. Drawing insight from organisational theory literature, we develop a multi-theory model, combining the elements of the theory of planned behaviour, competing value framework, and technology—organisational and environmental theory to examine how the organisational mechanisms interact with espoused cultural values and employee cognitive belief to influence cybersecurity control procedures. Using a structured questionnaire, we deployed structural equation modelling (SEM) to analyse the survey data obtained from public sector information technology organisations in Nigeria to test the hypothesis on the relationship of socio-organisational mechanisms and techno-cultural factors with other key determinants of employee security behaviour. The results showed that knowledge of cybersecurity and employee cognitive belief significantly influence the employees’ intentions to comply with organisational cybersecurity control mechanisms. The research further noted that the influence of organisational elements such as leadership on employee security behaviour is mediated by espoused cultural values while the impact of employee cognitive belief is moderated by security technologies. For effective cybersecurity compliance, leaders and policymakers are therefore to promote organisational security initiatives that ensure incorporation of cybersecurity principles and practices into job descriptions, routines, and processes. This study contributes to behavioural security research by highlighting the critical role of leadership and cultural values in fostering organisational adherence to prescribed security control mechanisms.

Jiaqing Zhao,Yuxiang Hong,Wenqing Chen,Chouyong Chen

DOI: https://doi.org/10.1080/08874417.2024.2403571

2024-09-19

Journal of Computer Information Systems

Abstract:Combining cognitive and affective influences, as well as considering role-breadth constructs is critical to the study of employees' information security policy (ISP) compliance. This paper presents an improved model by integrating psychological capital (PsyCap), psychological ownership (PsyOwn), and the theory of planned behavior (TPB) based on the Conservation of Resources (COR) theory. A valid sample of 382 Chinese employees was used for model testing. The results imply that PsyCap is an important motivational antecedent to the cognitive decision-making processes theorized by the TPB. Also, PsyOwn moderates the effect of PsyCap on subjective norms, along with ISP compliance attitudes and behavioral intentions. Finally, theoretical contributions and managerial implications are addressed.

computer science, information systems