An activity theory approach to information security non-compliance

Khatib, Rima; Barki, Henri

doi:10.1108/ics-11-2018-0128

Cited by 9 publications

(4 citation statements)

References 40 publications

(66 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The organizational role embodies the responsibilities, duties, and functions assigned to individuals within the organizational structure Khatib and Barki (2020). It serves as a framework that delineates the scope of an individual's professional engagement and the tasks they are expected to perform.…”

Section: Hypotheses Discussionmentioning

confidence: 99%

Organizational Determinants and Compliance Behavior to Shape Information Security Plan

Cavallari

2023

Acad. J. Interdiscip. Stud.

View full text Add to dashboard Cite

In the advanced field of Information and Communication Technology (ICT) within modern corporate frameworks, the pressing issue of non-compliance becomes increasingly crucial. Achieving the ideal balance—where one fosters consistent employee commitment without resorting to overly harsh penalties for possible violations—presents a complex problem. Such a nuanced relationship calls for a synchronized coordination among the company’s underlying factors, the principles of the Information Security Plan (ISP), and overarching compliance mandates. As companies step into a period where digital environments are in constant flux, the importance of securing information systems rises to a critical level. Against this backdrop, compliance stands out as a vital component, functioning as a stringent safeguard in the ongoing mission to protect precious digital assets—a mission comprehensively detailed within the ISP. This in-depth academic study sets out to rigorously explore and scrutinize the diverse opinions and beliefs of committed employees and insightful management concerning unwavering company alignment with the ISP. This is accomplished by defining a construct that centers on key dimensions: Organizational Culture, Personal Attitudes, Actors, Behavioral Intentions, and Motivational Dynamics. Eleven Hypotheses are outlined and represent the materialisation of the model. This model form a starting point from which future empirical exploration will be able to take place, propelling us towards a deeper understanding of the phenomena under scrutiny. Received: 15 September 2023 / Accepted: 23 October 2023 / Published: 5 November 2023

show abstract

Section: Hypotheses Discussionmentioning

confidence: 99%

Organizational Determinants and Compliance Behavior to Shape Information Security Plan

Cavallari

2023

Acad. J. Interdiscip. Stud.

View full text Add to dashboard Cite

show abstract

“…However, as Sommestad et al (2014) observed in their meta-analysis, the results of the 29 studies they examined have not been consistently similar, with variables showing considerable variations among different studies in terms of how they influenced compliant/ non-compliant behaviors. Recent studies have also suggested that an interplay is likely to exist among the variables that explain non-compliance (Khatib and Barki, 2020b;Vance et al, 2020;Woltjer, 2017). This paper draws from RCT to explain the different possibilities summarized above.…”

Section: Theoretical Frameworkmentioning

confidence: 96%

“…Despite the growing literature on information security non-compliance, recent research has observed disparate results among the variables that have been used to explain noncompliance (Sommestad et al, 2014). This, in turn, suggests that examining an interplay of variables could better explain non-compliance (Khatib and Barki, 2020b;Woltjer, 2017). This paper drew from rational choice theory (RCT) to follow these suggestions and examine what motivates many employees to engage in non-compliant behaviors routinely.…”

mentioning

confidence: 99%

How different rewards tend to influence employee non-compliance with information security policies

Khatib

Barki

2021

ICS

Self Cite

View full text Add to dashboard Cite

Purpose To help reduce the increasing number of information security breaches that are caused by insiders, past research has examined employee non-compliance with information security policy. However, existent studies have observed mixed results, which suggest that an interaction is likely to exist among the variables that explain employee non-compliance. In an effort to provide evidence for this possibility, this paper aims to better explain why employees routinely engage in non-compliant behaviors by examining the direct and interactive effects of employees’ perceived costs and rewards of compliance and non-compliance on their routinized non-compliant behaviors. Design/methodology/approach Based on rational choice theory, this study used 16 hypothetical scenarios in an experimental survey, collecting data from 326 respondents and analyzing them via structural equation modeling and a four-way factorial experiment. Findings The results suggest that routinized non-compliance of employees is more strongly influenced by the rewards than the costs they perceive in their non-compliance. Further, employees’ routinized non-compliance behavior was found to be positively influenced by an interactive effect of perceived rewards of compliance when their perceptions of their non-compliance costs and rewards were both high and low. Originality/value This paper’s key contribution is to suggest that non-compliance behavior is influenced by direct and interactive effects of perceived rewards of compliance and non-compliance.

show abstract

“…There has been little research attention paid to the role of organizational factors in relation to the management of information security (Al-Darwish and Choe, 2019). Khatib and Barki (2020) held forth that it is important to consider the organizational circumstances, not only individual perceptions, when trying to understand non-compliance in information technology (IT) contexts. Factors, such as organizational security culture and climate, and sanctions (Alfawaz et al, 2010;Bulgurcu et al, 2010;D'Arcy et al, 2014), have been found to influence information security compliance.…”

Section: Introductionmentioning

confidence: 99%

The role of organizational and social factors for information security in a nuclear power industry

Gyllensten

Törner

2021

OCJ

View full text Add to dashboard Cite

PurposeThe aim of this study was to explore the organizational and social prerequisites for employees' participative and rule-compliant information security behaviour in Swedish nuclear power production and its related industry. These industries are high-risk activities that must be meticulously secured. Protecting the information security in the related organizations is an essential aspect of this.Design/methodology/approachIndividual in-depth interviews were conducted with 24 employees in two organizations within the nuclear power industry in Sweden.FindingsWe found that prerequisites for employees' participative and rule-compliant information security behaviour could be categorized into structural, social and individual aspects. Structural aspects included well-adapted rules, knowledge support and resources. Social aspects included a supportive organizational culture, collaboration and adequate resources, and individual aspects included individual responsibility.Originality/valueThe qualitative approach of the study provided comprehensive descriptions of the identified preconditions. The results may thus enable organizations to better promote conditions important for information security in a high-risk industry.

show abstract

An activity theory approach to information security non-compliance

Cited by 9 publications

References 40 publications

Organizational Determinants and Compliance Behavior to Shape Information Security Plan

Organizational Determinants and Compliance Behavior to Shape Information Security Plan

How different rewards tend to influence employee non-compliance with information security policies

The role of organizational and social factors for information security in a nuclear power industry

Contact Info

Product

Resources

About