Integrating Cognition with an Affective Lens to Better Understand Information Security Policy Compliance

Ormond, Dustin; Warkentin, Merrill; Crossler, Robert E.

doi:10.17705/1jais.00586

Cited by 32 publications

(20 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This model predicts that positive/negative affective associations mediate cognitive beliefs and behavioral response and also directly influence behavioral decisions and outcomes [30]. Affect in general is also viewed as one of the dimensions of attitude [75] and recent research has highlighted the need to study cognitive as well as affective processes in IS behavioral studies to understand the phenomenon holistically [48].…”

Section: Theoretical Model and Hypotheses Developmentmentioning

confidence: 99%

Cognitive-affective appraisal of technostressors by ICT-based mobile workers and their impacts on technostrain

Shirish

2021

HSM

View full text Add to dashboard Cite

BACKGROUND: ICT based mobile working gives organizational flexibility, productivity and performance but at the same time it can lead to techno-stress and technostrain perceptions. A high level of technostrain amongst ICT-based mobile workers would impact their well-being, leading to lesser than expected gains from such organizational ICT investments. Given this paradox, we examine the actual transactional and relational stressor-strain coping response processes in this novel context. OBJECTIVE: The broad research aim of this paper is to explain the relative importance of the cognitive and affective processes used amongst ICT-based mobile workers when coping with technostressors. METHODS: Specifically, based on technology frames literature, we develop dual-path serial mediation models, showing the relationships between technostress-technostrain via two processes: (a) the primary cognitive appraisal process mobilization (threat/opportunity technology frame) and (b) the secondary affective resource process mobilization (affect towards ICT use) to account for technostrain perceptions. We use survey data from 165 ICT-based mobile managers from diverse work settings to empirically confirm the theorized models. RESULTS/CONCLUSIONS: A predominant cognitive ‘threat frames’ leads to increase in technostrain, which decreases if ‘affective resource’ is available for coping. This relationship is inverse in the case of ‘opportunity frames’ path, as technostrain perceptions decreases with and without affective resource mobilization. Implications to theory, practice and methods are also discussed.

show abstract

Section: Theoretical Model and Hypotheses Developmentmentioning

confidence: 99%

Cognitive-affective appraisal of technostressors by ICT-based mobile workers and their impacts on technostrain

Shirish

2021

HSM

View full text Add to dashboard Cite

show abstract

“…Employees can reduce their cognitive-type fatigue by simply taking breaks or by focusing on a different task for a period of time (Hagger et al, 2010). In contrast, attitudinal-type fatigue is more enduring, and in this way somewhat akin to a "trait" (Ormond et al, 2019). While it may be possible to reduce attitudinal-type fatigue with intervention, we see this type of fatigue as less transient due to observations from research that attitudes, once set, are difficult to change (see Bada et al, 2019 for a review).…”

Section: Management/ Information Systemsmentioning

confidence: 99%

Encouraging Employee Engagement With Cybersecurity: How to Tackle Cyber Fatigue

2021

View full text Add to dashboard Cite

Cybersecurity fatigue is a form of work disengagement specific to cybersecurity. It manifests as a weariness or aversion to cybersecurity-related workplace behaviors or advice and occurs as a result of prior overexposure to cybersecurity-related work demands or training. While some previous theoretical conceptualizations of cybersecurity fatigue are available, this article is the first to capture all dimensions of the phenomenon in a four-component model. The model holds that cybersecurity fatigue can result from overexposure to workplace cybersecurity advice (e.g., training) or cybersecurity actions (e.g., forced password updates). Similarly, we argue that there can be two types of cybersecurity fatigue: attitudinal (e.g., a belief that cybersecurity is not important) and cognitive (e.g., habituated bad behaviors). We present a multidisciplinary review, which draws on research from management, psychology, and information systems. Practitioners can use the four-component model to identify the type of cybersecurity fatigue that may be occurring in employees and adapt workplace processes accordingly to improve behavior. In addition, we present three illustrative case studies, adapted from employee experiences, to demonstrate the application of the four-component model to an organizational context. The review presents a framework for coordinating the existing approaches to cybersecurity fatigue in the current literature.

show abstract

“…Theoretical framework and hypothesis development ISP violation and ethical leadership Employee engagement in ISP violation, as a specific organizational deviant behavior, has been identified as one of the major issues leading to security incidents. Previous studies have identified a variety of individual and organizational factors that influence employees' ISP violation or compliance behavior, such as fear appeals and sanction (Herath and Rao, 2009;Johnston et al, 2015;Li et al, 2014;Wall and Warkentin, 2019), neutralization (Siponen and Vance, 2010;Trinkle et al, 2021), security-related stress (D'Arcy et al, 2014), moral beliefs (Siponen et al, 2012), personal ethics (Li et al, 2014), top management and leadership (Hu et al, 2012;Guhr et al, 2019;Feng et al, 2019), and organizational justice (Willison et al, 2018;Xu et al, 2019;Ormond et al, 2019). Among these factors, explaining the influence of management leadership on employees' security behavior has become an important focus in IS security research.…”

Section: Introductionmentioning

confidence: 99%

Ethical leadership and employee information security policy (ISP) violation: exploring dual-mediation paths

Xue

Luo

et al. 2021

OCJ

Self Cite

View full text Add to dashboard Cite

PurposeA growing number of studies have investigated the effect of ethical leadership on behavioral outcome of employees. However, considering the important role of ethics in IS security, the security literature lacks a theoretical and empirical investigation of the relationship between ethical leadership and employees' security behavior, such as information security policy (ISP) violation. Drawing on social learning and social exchange theories, this paper empirically tests the impact of ethical leadership on employees' ISP violation intention through both information security climate (i.e. from a moral manager's perspective) and affective commitment (i.e. from a moral person's perspective).Design/methodology/approachThe research was developed based on social learning theory and social exchange theory. To measure the variables in the model, the authors used and adapted measurement items from previous studies. The authors conducted a scenario-based survey with 339 valid responses to test and validate the research model.FindingsResults indicated that information security climate fully mediates the relationship between ethical leadership and ISP violation intention. The authors also found that information security climate enhances the negative effect of affective commitment on ISP violation intention.Originality/valueThis research contributes to the literature of information security by introducing the role of ethical leadership and integrating two theories into our research model. This study also calls attention to how information security climate and affective commitment mediate the relationship between ethical leadership and employees' ISP violation intention. The theory-driven study provides important pragmatic guidance for enhancing the understanding of the importance of ethical leadership in information systems security research.

show abstract

Integrating Cognition with an Affective Lens to Better Understand Information Security Policy Compliance

Cited by 32 publications

References 0 publications

Cognitive-affective appraisal of technostressors by ICT-based mobile workers and their impacts on technostrain

Cognitive-affective appraisal of technostressors by ICT-based mobile workers and their impacts on technostrain

Encouraging Employee Engagement With Cybersecurity: How to Tackle Cyber Fatigue

Ethical leadership and employee information security policy (ISP) violation: exploring dual-mediation paths

Contact Info

Product

Resources

About