2019
DOI: 10.1111/isj.12257
|View full text |Cite
|
Sign up to set email alerts
|

Information security policy noncompliance: An integrative social influence model

Abstract: Despite the significant advancements made in understanding the factors that drive employees' compliance and noncompliance behaviours with information security policy (ISP), less is known about how different factors interact to impact such behaviours. Having been drawn on the social information processing theory, this research develops an integrative model that investigates how ethical work climate, beliefs, and neutralization interact to jointly explain ISP noncompliance. The model is tested via a survey of a … Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
17
0

Year Published

2019
2019
2023
2023

Publication Types

Select...
8

Relationship

0
8

Authors

Journals

citations
Cited by 41 publications
(17 citation statements)
references
References 105 publications
(251 reference statements)
0
17
0
Order By: Relevance
“…Research showing how employees can influence the effectiveness of their respective organizations' cybersecurity efforts is well documented (Crossler et al, 2013;Warkentin & Willison, 2009). In fact, a substantial body of literature has examined the detrimental impacts of employee behavior like computer abuse (Lee et al, 2004;Straub & Nance, 1990;Willison & Warkentin, 2013), noncompliance with information security policies (ISPs; Gwebu et al, 2020;Kajtazi et al, 2018;Lowry & Moody, 2015), and shadow IT utilization (Silic & Back, 2014;Zimmermann & Rentrop, 2014). Conversely, research has also shown how employees can act as "protective stewards" of sensitive organizational assets as they actively attempt to defend their organizations from threats (Burns et al, 2018;Posey et al, 2013Posey et al, , 2015.…”
Section: Introductionmentioning
confidence: 99%
“…Research showing how employees can influence the effectiveness of their respective organizations' cybersecurity efforts is well documented (Crossler et al, 2013;Warkentin & Willison, 2009). In fact, a substantial body of literature has examined the detrimental impacts of employee behavior like computer abuse (Lee et al, 2004;Straub & Nance, 1990;Willison & Warkentin, 2013), noncompliance with information security policies (ISPs; Gwebu et al, 2020;Kajtazi et al, 2018;Lowry & Moody, 2015), and shadow IT utilization (Silic & Back, 2014;Zimmermann & Rentrop, 2014). Conversely, research has also shown how employees can act as "protective stewards" of sensitive organizational assets as they actively attempt to defend their organizations from threats (Burns et al, 2018;Posey et al, 2013Posey et al, , 2015.…”
Section: Introductionmentioning
confidence: 99%
“…Most researchers provided solutions for noncompliant behavior with criminological theories (for instance, crime pattern theory, social control theory, deterrence theory) [39,51,52]. Furthermore, some researchers provided solutions with deterrence or punishments to insiders [23,34].…”
Section: Information Security Behavior and Noncompliance Towards Information Security Policiesmentioning
confidence: 99%
“…An ethical work climate, neutralization, and beliefs (i.e., about the perceived cost of compliance, the perceived cost of noncompliance, and the benefits of compliance) interact towards employees' noncompliance behavior with ISP, as demonstrated in detail by [51]. These researchers presented a framework based on social information processing theory.…”
Section: Neutralization Srs and Noncompliancementioning
confidence: 99%
See 1 more Smart Citation
“…In this issue of the ISJ, we present six articles. In the first article, Gwebu, Wang, and Hu () draw on Social Information Processing Theory to bring the different lines of ISP (non)compliance studies under a common umbrella. Thus, the research provides a richer and more realistic conceptualization of how beliefs, neutralization, and ethical work climate may interact and intervene to complicate the belief–noncompliance relationship.…”
mentioning
confidence: 99%