Kholekile L. Gwebu,Jing Wang,Michael Y. Hu

DOI: https://doi.org/10.1111/isj.12257

2020-01-01

Abstract:Despite the significant advancements made in understanding the factors that drive employees' compliance and noncompliance behaviours with information security policy (ISP), less is known about how different factors interact to impact such behaviours. Having been drawn on the social information processing theory, this research develops an integrative model that investigates how ethical work climate, beliefs, and neutralization interact to jointly explain ISP noncompliance. The model is tested via a survey of a broad cross section of employees. Neutralization, perceived cost of compliance, and perceived cost of noncompliance are found to significantly impact ISP noncompliance. Egoistic, benevolent, and principled climates are found to differentially influence neutralization and individuals' cognitive beliefs about the cost and benefit of ISP compliance versus noncompliance. Neutralization appears to be a more important moderator of the belief‐noncompliance relationship than the principled climate.

Jinyun Duan,Wing Lam,Ziguang Chen,Jian An Zhong

DOI: https://doi.org/10.1109/icmss.2010.5577429

2010-01-01

Social Behavior and Personality An International Journal

Abstract:According to the social identity theory, unfair treatment from superiors may arouse negative identification, which in turn leads to employees' negative behaviors in organizations. This study explored the relationships between leadership justice and two negative organizational behaviors, namely, employee silence and organizational retaliatory behavior, within Chinese context. The study was conducted through a questionnaire-based field investigation, which sampled 361 employees from 17 state-owned enterprises. The results showed that leadership justice was negatively related to employee silence and organizational retaliatory behavior, and that affective commitment partially mediated these relationships. The implications of the findings and future studies were also discussed.

Lin Chen,Zongxiao Xie,Jie Zhen,Kunxiang Dong

DOI: https://doi.org/10.2147/prbm.s359277

IF: 3.974

2022-05-12

Psychology Research and Behavior Management

Abstract:Lin Chen, 1 Zongxiao Xie, 2 Jie Zhen, 3 Kunxiang Dong 4 1 College of Humanities and Law, Shandong University of Science and Technology, Qingdao, 266590, People's Republic of China; 2 China Financial Certification Authority, Beijing, 100054, People's Republic of China; 3 School of Management Science and Engineering, Chongqing Technology and Business University, Chongqing, 400067, People's Republic of China; 4 School of Management Science and Engineering, Shandong University of Finance and Economics, Jinan, 250014, People's Republic of China Correspondence: Zongxiao Xie, China Financial Certification Authority, 20-3, South Street of Caishikou, Xicheng District, Beijing, 100054, People's Republic of China, Tel +86 18901086108, Email Introduction: Information security policy (ISP) compliance of employees has a profound impact on organization. In the context of information technology innovation and information systems upgrade, employees' information security behavior is one of the most crucial elements in the information security management of organizations. Based on the two-dimensional model of challenge−hindrance stressor theory and affective events theory, this study explores the mediating effects of emotions on the relationship between challenge information security stress and ISP compliance. Methods: A field quasi-experimental method was used in this study. Materials include the Challenge Information Security Stress Scale, Information System Security Policy Compliance Scale, and Emotions Scale, which were used to form the two-stage questionnaire surveys. Data of 217 employees from three Chinese companies in Shanghai and Beijing that had passed certifications for information security management system (GB/t22080-2008/ISO/IEC 27001:2005) were collected. Bootstrapping method for multiple mediation models and the Process 3.0 plug-in of SPSS 20.0 were used for data analysis. Results: The findings indicate that challenge information security stress has a positive effect on ISP compliance. Challenge information security stress has a positive effect on positive emotions and a negative effect on negative emotions. Positive emotions have mediating effect between challenge information security stress and ISP compliance, but negative emotions have no mediating effect. Conclusion: The research results expand the research scope of challenging stress in the two-dimensional model of challenge−hindrance stressor theory in the context of organizational information security. The findings reveal the mediating effect of positive emotions in challenge information security stress and ISP compliance relationship, which provides empirical support for the application of positive psychology in the field of management. Keywords: challenge information security stress, information security policy compliance, positive emotions, negative emotions Organizations increasingly use information technology, which has become the key resource for an organization. An organization needs to ensure that information is not disclosed or inadvertently modified. 1,2 In addition to technical means, the most basic way to protect the information resources of an organization is to formulate an ISP to regulate the information security behaviors of employees. In the past 30 years, most information system researchers have focused on ISP violations. 3–5 Recently, an increasing number of researches have explored the influence mechanism of ISP compliance, 6–8 and with the continuous improvement of enterprise information security, the growing attention given to information security has brought stress to employees. In particular, when the security requirements of ISP exceed employees' working ability, it will cause employees to feel information security stress. 9,10 According to challenge-hindrance stressor theory, 11,12 the positive components of information security stress are shown as challenge information security stress, which refers to the stress caused by work requirements that can bring individual growth opportunities or benefits to employees in the information security workflow. However, not much work has been done to explore the relationship between employees' challenge information security stress and their ISP compliance. Thus, this study aims to explore how challenge information security stress influence ISP compliance. Collectively, most prior studies are based on deterrence theory, protection motivation theory, rational choice theory, and theory of planned behavior to explore the influencing factors that lead to information security compliance and violation. However, limited research is available on its moderation effect and mediation effe -Abstract Truncated-

psychology, clinical, multidisciplinary

Yajun Zhang,Jinlong Zhang,Junwei Zhang

DOI: https://doi.org/10.3969/j.issn.1672-0334.2015.02.008

2015-01-01

Journal of Management Science

Abstract:User resistance has been a hot topic in information systems field recently .Quite a considerable number of scholars have devoted themselves into the exploration of the new paradigm .Specifically , main researches have focused on investigating the effects of personality traits , systematic characteristics , negative emotions , cognitive differences , negative expectations , organiza-tional support , and technical or social changes on user resistance while ignoring the impacts of job insecurity .In addition, insuf-ficient focus has been attended to empirical research but to case studies in this field .To fill the gap, this paper aims to analyze the influencing mechanism of job insecurity on user resistance to information systems implementation from emotions and cultural values perspectives .Drawing on stress-emotions theory and affective events theory , we propose that positive and negative emo-tions will mediate the relationship between job insecurity and user resistance .We also propose that uncertainty avoidance will moderate the process that job insecurity exerts positive influence on user resistance . We selected the end-users of information systems and their direct supervisor as research subjects .To avoid the common method variance , the questionnaire was divided into two parts .End-users completed the first part while their direct supervisor completed the second part.Between May and July 2014, we distributed questionnaires to 12 enterprises located in Wuhan, Zhengzhou, Xuchang and Anyang in China , and 266 sets of paired data were gathered finally .SPSS 19.0 and AMOS 17.0 were used to con-duct confirmatory factor analysis , descriptive statistic analysis , internal consistency test etc .We employed multiple hierarchical regression method to analyze the mediating effects of positive and negative emotions and the moderating effects of uncertainty a -voidance . The results indicated that job insecurity had a significantly positive effects on user resistance while positive and negative emotions played a totally mediating role in the relationship between job insecurity and user resistance .Uncertainty avoidance negatively moderated the relationship between job insecurity and positive emotions , that is, the negative relationship between job insecurity and positive emotions would be stronger when users had higher uncertainty avoidance while positively moderated the relationship between job insecurity and user resistance , that is, the positive relationship between job insecurity and user resistance would be stronger when users had higher uncertainty avoidance .Furthermore, uncertainty avoidance positively moderated the indirect effects of job insecurity on user resistance through positive emotions .This study has offered a new perspective for academic re-search as well as management .

Adel Yazdanmehr,Yuan Li,Jingguo Wang

DOI: https://doi.org/10.1080/0960085X.2022.2099767

2022-07-24

European Journal of Information Systems

Abstract:Past research suggests that the demands of information security policies (ISPs) cause stress upon employees, leading them to violate the policies. It emphasises the distress process but overlooks a possible positive process that may arise from the ISP demands (i.e., the eustress process) and motivate employees to reduce ISP violations. This study explores both the distress and eustress processes. It proposes that the challenge and hindrance aspects of ISP demands induce these processes and subsequently affect ISP violations. Besides, employees' ISP-related self-efficacy may facilitate or impede these processes. To test the research model, a survey was conducted on 375 employees in the U.S. The results show that the challenge aspect of ISP demands elicits a positive psychological response of employees, which in turn triggers their planful problem-solving to deal with these demands. In contrast, the hindrance aspect of ISP demands provokes a negative psychological response that triggers employees' wishful thinking about ISP demands. Meanwhile, employees' self-efficacy strengthens the effect of positive psychological response on planful problem-solving. Subsequently, planful problem-solving reduces employees' intention to violate the ISP, while wishful thinking increases their intention. This dual-process view sheds new light on the connection between ISP demands and ISP violation intention.

information science & library science,management,computer science, information systems

Adel Yazdanmehr,Yuan Li,Jingguo Wang

DOI: https://doi.org/10.1111/isj.12417

2022-01-01

Abstract:Studies on employee responses to the information security policy (ISP) demands to show that employees who experience stress over the demands would resort to emotion-focused coping to alleviate the stress and subsequently violate the ISP. However, their intent to engage in problem-focused coping to meet the ISP demands and possibly reduce ISP violations has yet to be analysed. We argue that both types of coping responses coexist in employee responses to ISP demands and they together influence ISP violation intention. Drawing upon the Transactional Model of Stress and Coping, we examine how security-related stress (SRS) triggers inward and outward emotion-focused coping, and problem-focused coping to the ISP demands, which together influence employee ISP violations. We also examine how ISP-related self-efficacy and organisational support moderate the effects of SRS on coping responses. We surveyed 200 employees in the United States to test our model. The results indicate that SRS triggers all three coping responses, and ISP-related self-efficacy and organisational support reduce the effects of SRS on inward and outward emotion-focused coping. Problem-focused coping then decreases ISP violation intention, whereas inward and outward emotion-focused coping increases it. The model was further verified with ISP compliance as the outcome construct, which yielded consistent results. Understanding various coping responses to SRS and the factors that facilitate or inhibit the responses can assist managers in effectively designing and implementing the ISP to reduce employee ISP violations.

Ying Li,Nan Zhang,Mikko Siponen

DOI: https://doi.org/10.1080/0144929x.2018.1539519

2019-01-01

Abstract:Employees' violation of information security policies is a major threat to an organisation. Some violations such as using an easy-to-guess password or storing confidential data on personal unencrypted flash drives usually do not cause immediate harm; instead, these actions create security flaws that can be attacked in the future and cause delayed consequences. We call such behaviour consequence-delayed information security violation (CDISV). The ignorance or denial of the possible delayed consequences is the main reason employees engage in such insecure behaviour. Due to the delay between the action and the consequence, a long-term mindset could play an important role in employees' current decision-making. Specifically, in this study, we propose that long-term orientation is an influential factor in decreasing CDISV. The long-term orientation includes three dimensions: continuity, futurity, and perseverance. In addition, based on the stewardship theory and the needs theory, we further propose that value identification and the fulfilment of higher-order needs (trusted relationship and growth) are important drivers for employees to have a long-term orientation. We collected survey data using the 170 responses we received from a global company's employees. The empirical results support our arguments. Our findings provide implications to organisations to encourage employees' information security behaviours.

MO Shenjiang,SHI Junqi

DOI: https://doi.org/10.3724/sp.j.1041.2017.00349

2017-01-01

Acta Psychologica Sinica

Abstract:Companies in the service industry have greater pressure now to improve the quality of their customer service.Employees in service organizations usually should display an appropriate emotion toward their customers.Previous studies on emotional labor strategies (surface acting and deep acting) examined mainly their impacts on employees' attitudes and cognition.Till now,the impacts of emotional labor strategies on employee sabotage behavior have not been studied thoroughly yet.Moreover,insufficient attention has been paid on understanding the boundary conditions that may enhance or mitigate the effects of emotional labor strategies on employees' sabotage behavior.Therefore,based on the conservation of resources theory and the emotion theory,this study attempted to examine the impacts of emotional labor strategies on employees' sabotage behavior,as well as on the moderating roles of policy strength perception and the social sharing of emotions.Data was collected from employees working in call centers of two companies in Beijing,China.Two waves of the survey were conducted.In the first wave,participants were required to complete a questionnaire including demographic information (e.g.,gender,age,and education),control variables (neuroticism and negative affectivity),emotional labor strategies (surface acting and deep acting),policy strength perception,and social sharing of emotions.In the second wave,participants reported the levels of service sabotage behavior.We invited 1014 employees to participate in the first wave of the survey,and 899 employees in the second wave.The final sample consisted of 788 employees who completed both two waves.We examined our hypotheses with the SPSS 18.0 software.Results showed that:1) surface acting was positively related to employee sabotage behavior,but deep acting was not significantly associated with employee sabotage behavior.2) The relationship between surface acting and employee sabotage behavior was significantly moderated by policy strength perception.Specifically,surface acting significantly enhanced employee sabotage behavior when the level of policy strength perception was high.3) Social sharing of emotions significantly moderated the relationship of deep acting and employee sabotage behavior.Specifically,when the level of social sharing of emotions was high,deep acting significantly reduced employee sabotage behavior.This study contributes to the conservation of resources theory and emotional labor literature in several aspects.First,we demonstrate the impacts of different emotional labor strategies on employee sabotage behavior.It significantly extends our understanding of the behavioral outcomes of emotional labor strategies.Second,we highlight the value of conservation of resources theory in the emotional labor work context by demonstrating two important boundary conditions that either enhance or mitigate the impacts of emotional behavior strategies on employee sabotage behavior.Accordingly,managerial implications regarding the alleviating role of policy strength perception and social sharing of emotions in emotional labor management are discussed.We advocate that service companies should provide special training programs for employees to learn ways to cope with emotional labor activities.They should establish clear behavioral norms and reward systems as guidance for employees.In addition,they could provide employees opportunities,such as employee assistance programs,to communicate and share with others.

Zakir Shah,Lu Wei,Usman Ghani

DOI: https://doi.org/10.1007/s12144-024-06426-2

IF: 2.8

2024-01-01

Current Psychology

Abstract:This research investigates the relationship between interpersonal risk communication, cognitive risk perception, and negative emotions during the COVID-19 epidemic. The study also examines cognitive risk perception as a mediator between interpersonal risk communication and negative emotions and interpersonal trust as a moderator in the relationships of interpersonal risk communication with cognitive risk perception and negative emotions. An online questionnaire was completed by 1600 respondents in mainland China. The findings of the study indicate a significant link between interpersonal risk communication and both cognitive risk perception and negative emotions. Moreover, the results demonstrate that cognitive risk perception acts as a mediator in the connection between interpersonal risk communication and negative emotions. However, it is noteworthy that the connection between interpersonal risk communication and both cognitive risk perception and negative emotions is moderated by interpersonal trust. Implications based on the study’s findings are also discussed.

Xingyu Lan,Yanqiu Wu,Yang Shi,Qing Chen,Nan Cao

DOI: https://doi.org/10.1145/3491102.3517530

2022-01-01

Abstract:Recent work has highlighted that emotion is key to the user experience with data stories. However, limited attention has been paid to negative emotions specifically. This work investigates the outcomes of negative emotions in the context of serious data stories and examines how they can be augmented by design methods from the perspectives of both storytellers and viewers. First, we conducted a workshop with 9 data story experts to understand the possible benefits of eliciting negative emotions in serious data stories and 19 potential design methods that contribute to negative emotions. Based on the findings from the workshop, we then conducted a lab study with 35 participants to explore the outcomes of eliciting negative emotions as well as the effectiveness of the design methods. The results indicated that negative emotions mainly facilitated contemplative experiences and long-term memory. Besides, the design methods showed varied effectiveness in augmenting negative emotions and being recalled.

Xue Yang,Wei T. Yue,Choon Lin Sia

DOI: https://doi.org/10.1007/978-3-642-29873-8_17

2012-01-01

Abstract:IS security policy is one of the essential tools to ensure the secure use of information systems and technological assets. To enhance the effectiveness of policy implementation, organizations rely on security training, education and awareness (STEA) programs to help employees understand the IS security issues of the organization. However, different levels of STEA informativeness may have conflicting effects on employees' compliance decisions. In addition, the urgency of a task may also lead employees to abandon the compliance decision occasionally. The existing corporate information security policy (ISP) could also serve as a deterrence message that would influence compliance decisions. An experimental survey was conducted to examine this phenomenon and test the related hypotheses. The results of this study can be used to inform and guide researchers and practitioners as to how to better enforce an IS security policy through better implementation of STEA programs and improved design of ISP in different task scenarios.

Chao-Min Chiu,Hsiang-Lan Cheng,Jack Shih-Chieh Hsu,Chiew Mei Tan,Chiung Hui Huang

DOI: https://doi.org/10.1080/10447318.2024.2422757

IF: 4.92

2024-11-20

International Journal of Human-Computer Interaction

Abstract:Drawing upon the attitude theory, this study theorizes that commitment affects loafing behaviors and ISP compliance. Further, drawing upon the transfer theory, this study adopts the concepts of loafing and commitment transfer in order to explore whether social loafing will enhance employee cyberloafing and whether organizational commitment can enhance ISP commitment, both of which, in turn, influence ISP compliance intention. This study utilized structural equation modeling (SEM) to analyze survey data collected in July 2023 from 361 Taiwanese individuals affiliated with organizations or companies. The results show that social loafing has a strong positive effect on cyberloafing, which, in turn, has a strong negative effect on ISP compliance intention. Organizational commitment has a strong positive effect on ISP commitment, which, in turn, has a strong positive effect on ISP compliance intention. In addition, distortion of consequences moderates the relationship between social loafing and cyberloafing. Advantageous comparison moderates the relationship between cyberloafing and ISP compliance intention.

computer science, cybernetics,ergonomics

Ying Li,Ting Pan,Nan Zhang,Nan (Andy) Zhang

DOI: https://doi.org/10.1108/jeim-01-2019-0018

2019-09-23

Journal of Enterprise Information Management

Abstract:Purpose This paper is to investigate how employees respond to information security policies (ISPs) when they view the policies as a challenge rather than a hindrance to work. Specifically, the authors examine the roles of challenge security demands (i.e. continuity and mandatory) and psychological resources (i.e. personal and job resources) in influencing employees’ ISP non-compliance. Design/methodology/approach Applying a hypothetical scenario-based survey method, the authors tested our proposed model in six typical ISPs violation scenarios. In sum, 347 responses were collected from a global company. The data were analyzed using partial least square-based structural equation model. Findings Findings indicated that continuity and mandatory demands increased employees’ level of perseverance of effort, which, in turn, decreased their ISPs non-compliance intention. In addition, job resources, such as the trust enhancement gained from co-workers and the opportunities for professional development, enhanced the perseverance of effort. Practical implications The findings offer implications to practice by suggesting that organizations should design training programs to persuade employees to understand the ISPs in a positive way. Meanwhile, organizations should encourage employees to invest more personal resources by creating a trusting atmosphere and providing them opportunities to learn security knowledge and skills. Originality/value This study is among the few to empirically explore how employees respond and behave when they view the security policies as challenge stressors. The paper also provides a novel understanding of how psychological resources contribute to buffering ISP non-compliance.

information science & library science,management

Xiaofeng Chen,Dazhong Wu,Liqiang Chen,Joe K. L. Teng

DOI: https://doi.org/10.1016/j.im.2018.05.011

IF: 10.328

2018-01-01

Information & Management

Abstract:Information security policy (ISP) plays a critical role in information systems security management. Past research using General Deterrence Theory (GDT) on employees’ compliance intention (CI) with ISP produced mixed results. We use survey data to investigate how other factors influence the relationship between sanction severity and employees’ CI. The results show that none of the investigated moderating variables interacts with sanction severity on employees’ ISP compliance intentions. However, the significant impact of sanction severity on employees’ ISP CI disappears when the investigated variables are included, and the impact of sanction severity is mediated by perceived efficacy and descriptive norm.

Tung-Ju Wu,Jia-Min Li,Yenchun Jim Wu

DOI: https://doi.org/10.1108/md-09-2021-1257

IF: 5.589

2022-04-25

Management Decision

Abstract:Purpose This study aimed to explore the relationship between job insecurity and unsafe behaviour in human–machine collaboration, as well as investigating the mediating roles of emotional exhaustion and moderating roles of psychological detachment. Design/methodology/approach The authors followed the stressor-detachment model to build our research model. The authors selected manufacturing and service industry employees as samples, and designed three independent studies using the time-lagged method for SPSS and AMOS to test the hypotheses. Findings The results indicated that emotional exhaustion mediated the relationship between the two types of job insecurity and unsafe behaviours among service industry employees, while psychological detachment moderated the effect of qualitative job insecurity on emotional exhaustion. In manufacturing, psychological detachment moderated the effect of quantitative job insecurity on emotional exhaustion, while emotional exhaustion mediated the relationship between quantitative job insecurity and unsafe behaviours. Research limitations/implications The authors enhance understandings of how individual employee characteristics and the work environment jointly influence employees' levels of emotional exhaustion and likelihood of engaging in unsafe behaviours under the stressor-detachment model. Practical implications The authors suggest an important role of psychological detachment in human–machine collaboration. The authors also that organisations and managers could encourage employees not to check work-related emails on weekends to achieve full detachment. Originality/value This study contributes to both the stressor-detachment model and job insecurity literature. In addition, it investigates the role of detachment and emotional exhaustion by employees in human–machine collaboration.

management,business

Adel Yazdanmehr,Jingguo Wang

DOI: https://doi.org/10.1080/0960085X.2021.1980444

2021-09-23

European Journal of Information Systems

Abstract:Peers may help others avoid violating organisational information security policies (ISPs). This study explores how peer monitoring reduces employee ISP violation intention. We propose that peer monitoring discourages employees from violating ISP. Moreover, trust plays an important role. Trust not only facilitates peer monitoring, but also moderates the effect of peer monitoring on employee ISP violation intention. In addition, collective responsibility leads to peer monitoring. We test our research model with data from two waves of surveys of 254 employees in the United States conducted two weeks apart. We utilise four scenarios in the second wave of surveys capturing the dependent variable and measure all other constructs in the first wave of surveys. Our results suggest that peer monitoring decreases one's intention to violate ISPs. Furthermore, both collective responsibility and trust contribute to peer monitoring. Finally, trust amplifies the effect of peer monitoring on employees' intention to violate ISPs. We discuss the theoretical contributions and practical implications.

information science & library science,management,computer science, information systems

Jianwei Zhang,Mengmeng Fu,Hongchuan Zhang,Changyue Li,Wenfeng Zheng,Weijun Hua

DOI: https://doi.org/10.1007/s12144-024-06898-2

IF: 2.8

2024-11-20

Current Psychology

Abstract:Previous studies suggested that emotion and social behavior were generally closely correlated in real-world situations, yet the mechanisms of emotion on cyber social behavior still remained unclear. Drawing on mood-congruent theory, we propose that negative and positive emotional fluctuations might influence different cyber social behaviors of college students and further examine the impact of emotions on cyber social behaviors by investigating the moderating effect of locus of control. Data were collected from undergraduates in China. Study 1 (an experiment; n=129) showed that positive emotion positively predicted cyber-prosocial behavior, and negative emotion positively predicted cyber-deviant behavior. Study 2a (n=258), an experience sampling method study, found that at the within-person level, time-varying positive emotion positively predicted time-varying cyber-prosocial behavior, while time-varying negative emotion positively predicted time-varying cyber-deviant behavior. Study 2b (a three-wave survey; n=314) demonstrated that internal locus of control weakened the direct effect of negative emotion on cyber-deviant behavior. The implications for theory, practice, and future research have been discussed.

psychology, multidisciplinary

Xuanye Han,Yuhuan Zhang,Dong Chen,Jingyan Sun,Zhixin Di,Zi Yang,Huanchen He

DOI: https://doi.org/10.1186/s12912-024-02006-8

2024-06-01

BMC Nursing

Abstract:Individuals may be more likely to engage in NSSI due to negative cognitive bias, while the use of negative emotional regulation mechanisms may further contribute to NSSI. Currently, there is a dearth of studies regarding the correlation among the three variables.

nursing

Han Li,R. Sarathy,Jie Zhang,X. Luo

DOI: https://doi.org/10.1111/isj.12037

IF: 7.767

2014-11-01

Information Systems Journal

Abstract:Internet security risks, the leading security threats confronting today's organizations, often result from employees' non‐compliance with the internet use policy (IUP). Extant studies on compliance with security policies have largely ignored the impact of intrinsic motivation on employees' compliance intention. This paper proposes a theoretical model that integrates an intrinsic self‐regulatory approach with an extrinsic sanction‐based command‐and‐control approach to examine employees' IUP compliance intention. The self‐regulatory approach centers on the effect of organizational justice and personal ethical objections against internet abuses. The results of this study suggest that the self‐regulatory approach is more effective than the sanction‐based command‐and‐control approach. Based on the self‐regulatory approach, organizational justice not only influences IUP compliance intention directly but also indirectly through fostering ethical objections against internet abuses. This research provides empirical evidence of two additional effective levers for enhancing security policy compliance: organizational justice and personal ethics.

Computer Science

Wenqin Li,Rongmin Liu,Linhui Sun,Zigu Guo,Jie Gao

DOI: https://doi.org/10.3390/ijerph192316038

IF: 4.614

2022-12-01

International Journal of Environmental Research and Public Health

Abstract:Employee security compliance behavior has become an important safeguard to protect the security of corporate information assets. Focusing on human factors, this paper discusses how to regulate and guide employees' compliance with information security systems through effective methods. Based on protection motivation theory (PMT), a model of employees' intention to comply with the information security system was constructed. A questionnaire survey was adopted to obtain 224 valid data points, and SPSS 26.0 was applied to verify the hypotheses underlying the research model. Then, based on the results of a regression analysis, fuzzy set qualitative comparative analysis (fsQCA) was used to explore the conditional configurations that affect employees' intention to comply with the information security system from a holistic perspective. The empirical results demonstrated that perceived severity, perceived vulnerability, response efficacy, and self-efficacy all positively influenced the employees' intention to comply with the information security system; while rewards and response costs had a negative effect. Threat appraisal had a greater effect on employees' intention to comply with the information security system compared to response appraisal. The fsQCA results showed that individual antecedent conditions are not necessary to influence employees' intention to comply with an information security system. Seven pathways exist that influence an employees' intention to comply with an information security system, with reward, self-efficacy, and response cost being the core conditions having the highest probability of occurring in each configuration of pathways, and with perceived severity and self-efficacy appearing in the core conditions of configurations with an original coverage greater than 40%. Theoretically, this study discusses the influence of the elements of PMT on employees' intention to comply with an information security system, reveals the mechanism of influence of the combination of the influencing factors on the outcome variables, and identifies the core factors and auxiliary factors in the condition configurations, providing a new broader perspective for the study of information security compliance behavior and providing some theoretical support for strengthening enterprise security management. Practically, targeted suggestions are proposed based on the research results, to increase the intention of enterprise employees to comply with information security systems, thereby improving the effectiveness of enterprise information security management and the degree of information security in enterprises.

public, environmental & occupational health,environmental sciences