Why not comply with information security? An empirical approach for the causes of non-compliance. Issue 1 (13th February 2017)
- Record Type:
- Journal Article
- Title:
- Why not comply with information security? An empirical approach for the causes of non-compliance. Issue 1 (13th February 2017)
- Main Title:
- Why not comply with information security? An empirical approach for the causes of non-compliance
- Authors:
- Hwang, Inho
Kim, Daejin
Kim, Taeha
Kim, Sanghyun - Abstract:
- Abstract : Purpose: The purpose of this paper is to empirically investigate the negative casual relationships between organizational security factors (security systems, security education, and security visibility) and individual non-compliance causes (work impediment, security system anxiety, and non-compliance behaviors of peers), which have negative influences on compliance intention. Design/methodology/approach: Based on literature review, the authors propose a research model together with hypotheses. The survey questionnaires were developed to collect data, which then validated the measurement model. The authors collected 415 responses from employees at manufacturing and service firms that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with AMOS 18.0. Findings: Survey results validate that work impediment, security system anxiety, and non-compliance peer behaviors are the causes of employee non-compliance. In addition, the authors found that security systems, security education, and security visibility decrease instances of non-compliance. Research limitations/implications: Organizations should establish a mixture of security investment in their systems, education, and visibility in order to effectively reduce employees' non-compliance. In addition, organizations should recognize the importance of minimizing the particular causes of employees' non-compliance to positively increaseAbstract : Purpose: The purpose of this paper is to empirically investigate the negative casual relationships between organizational security factors (security systems, security education, and security visibility) and individual non-compliance causes (work impediment, security system anxiety, and non-compliance behaviors of peers), which have negative influences on compliance intention. Design/methodology/approach: Based on literature review, the authors propose a research model together with hypotheses. The survey questionnaires were developed to collect data, which then validated the measurement model. The authors collected 415 responses from employees at manufacturing and service firms that had already implemented security policies. The hypothesized relationships were tested using the structural equation model approach with AMOS 18.0. Findings: Survey results validate that work impediment, security system anxiety, and non-compliance peer behaviors are the causes of employee non-compliance. In addition, the authors found that security systems, security education, and security visibility decrease instances of non-compliance. Research limitations/implications: Organizations should establish a mixture of security investment in their systems, education, and visibility in order to effectively reduce employees' non-compliance. In addition, organizations should recognize the importance of minimizing the particular causes of employees' non-compliance to positively increase intentions to comply with information security. Originality/value: An important issue in information security management is employee compliance. Understanding the reasons behind employees' non-compliance is a critical issue. This paper investigates empirically why employees do not comply, and how organizations can induce employees to comply by a mixture of investments in security systems, education, and visibility. … (more)
- Is Part Of:
- Online information review. Volume 41:Issue 1(2017)
- Journal:
- Online information review
- Issue:
- Volume 41:Issue 1(2017)
- Issue Display:
- Volume 41, Issue 1 (2017)
- Year:
- 2017
- Volume:
- 41
- Issue:
- 1
- Issue Sort Value:
- 2017-0041-0001-0000
- Page Start:
- 2
- Page End:
- 18
- Publication Date:
- 2017-02-13
- Subjects:
- Compliance intention -- Peer behaviour -- Security education -- Security systems -- Security visibility -- Work impediment
025.04 - Journal URLs:
- http://www.emeraldinsight.com/loi/oir ↗
http://www.emeraldinsight.com/ ↗ - DOI:
- 10.1108/OIR-11-2015-0358 ↗
- Languages:
- English
- ISSNs:
- 1468-4527
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 6260.762534
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 2458.xml