Journal ArticleDOI
Cognitive-affective drivers of employees' daily compliance with information security policies: A multilevel, longitudinal study
John D'Arcy,Paul Benjamin Lowry +1 more
Reads0
Chats0
TLDR
A model of employee compliance with information security policy (ISP) is presented that explicates stable, cognitive beliefs regarding the consequences of compliance and noncompliance as well as state‐based affective constructs, namely, positive and negative mood states and episodic, security‐related work‐impediment events.Abstract:
We present a model of employee compliance with information security policy (ISP) that (1) explicates stable, cognitive beliefs regarding the consequences of compliance and noncompliance as well as state-based affective constructs, namely, positive and negative mood states and episodic, security-related work-impediment events, and (2) provides an expanded conceptualisation of moral considerations and normative influences regarding employees' ISP compliance. Because affect is central to this theorisation, we ensure that the model captures and explains differences in day-to-day affective constructs to account for the often fleeting nature of affective states. We test our multilevel model using an experience-sampling methodology design, in which employees completed daily surveys over a 2-week period, followed by a hierarchal linear modelling statistical assessment. Our contribution to theory is a unique account of ISP compliance that integrates affective factors with constructs from rational choice theory and theory of planned behaviour and that diverges from prior conceptualisations of ISP compliance as a purely stable and reason-based phenomenon. For practitioners, our results suggest that a combination of cognitive and affective influences may produce discrete episodes of ISP compliance that do not coincide with prior behavioural trends.read more
Citations
More filters
Journal ArticleDOI
Investigating the impact of cybersecurity policy awareness on employees’ cybersecurity behavior
TL;DR: The results show that when employees are know of their company’s information security policy and procedures, they are more competent to manage cybersecurity tasks than those who are not aware of their companies’ cybersecurity policies.
Journal ArticleDOI
Bridging the Divide: A Qualitative Comparison of Information Security Thought Patterns between Information Security Professionals and Ordinary Organizational Insiders
TL;DR: The mindset of insiders regarding their relationship with information security efforts and compares it against the mindset of information security professionals are compared.
Journal ArticleDOI
Using Design-Science Based Gamification to Improve Organizational Security Training and Compliance
Mario Silic,Paul Benjamin Lowry +1 more
TL;DR: A design-science research project to improve an organization’s compound problems of unsuccessful employee phishing prevention and poorly received internal security training created a gamified security training system focusing on enhancing intrinsic motivation through gamification and improving security learning and efficacy.
Journal ArticleDOI
The impact of leadership on employees' intended information security behaviour: An examination of the full-range leadership theory
TL;DR: This study takes an interactional psychology perspective and links the dimensions of the full‐range model of leadership to employees' security compliance intention and security participation intention, and explores how and why different leadership styles enhance employees' intended information security behaviour.
Journal ArticleDOI
Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization
John D'Arcy,Pei-Lee Teh +1 more
TL;DR: It is observed that SRS had a positive association with frustration and fatigue, and these negative emotions were associated with neutralization of ISP violations, providing evidence that neutralization is not a completely stable phenomenon but can vary within individuals from one time point to another.
References
More filters
Journal ArticleDOI
The theory of planned behavior
TL;DR: Ajzen, 1985, 1987, this article reviewed the theory of planned behavior and some unresolved issues and concluded that the theory is well supported by empirical evidence and that intention to perform behaviors of different kinds can be predicted with high accuracy from attitudes toward the behavior, subjective norms, and perceived behavioral control; and these intentions, together with perceptions of behavioral control, account for considerable variance in actual behavior.
Journal ArticleDOI
Common method biases in behavioral research: a critical review of the literature and recommended remedies.
TL;DR: The extent to which method biases influence behavioral research results is examined, potential sources of method biases are identified, the cognitive processes through which method bias influence responses to measures are discussed, the many different procedural and statistical techniques that can be used to control method biases is evaluated, and recommendations for how to select appropriate procedural and Statistical remedies are provided.
Journal ArticleDOI
Development and validation of brief measures of positive and negative affect: The PANAS scales.
TL;DR: Two 10-item mood scales that comprise the Positive and Negative Affect Schedule (PANAS) are developed and are shown to be highly internally consistent, largely uncorrelated, and stable at appropriate levels over a 2-month time period.
Book
Hierarchical Linear Models: Applications and Data Analysis Methods
TL;DR: The Logic of Hierarchical Linear Models (LMLM) as discussed by the authors is a general framework for estimating and hypothesis testing for hierarchical linear models, and it has been used in many applications.