2016
DOI: 10.1108/ics-10-2014-0067
|View full text |Cite
|
Sign up to set email alerts
|

Stress-based security compliance model – an exploratory study

Abstract: Purpose This paper aims to extend current information security compliance research by adapting “work-stress model” of the extended Job Demands-Resources model to explore how security compliance demands, organization and personal resources influence end-user security compliance. The paper proposes that security compliance burnout and security engagement as the mediating factors between security compliance demands, organizational and personal resources and individual security compliance. Design/methodology/app… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
32
0

Year Published

2017
2017
2023
2023

Publication Types

Select...
6
2

Relationship

2
6

Authors

Journals

citations
Cited by 23 publications
(32 citation statements)
references
References 42 publications
0
32
0
Order By: Relevance
“…Second, while previous research viewed security demands as hindrances to compliance (D'Arcy et al, 2014, Pham et al, 2016, our study managed to show that when employees view security demands as challenges, they are motivated to put more efforts and better comply. Our study has provided preliminary evidence that hindrance and challenge security demands could result in different behavioral outcomes.…”
Section: Structural Model Resultsmentioning
confidence: 77%
See 1 more Smart Citation
“…Second, while previous research viewed security demands as hindrances to compliance (D'Arcy et al, 2014, Pham et al, 2016, our study managed to show that when employees view security demands as challenges, they are motivated to put more efforts and better comply. Our study has provided preliminary evidence that hindrance and challenge security demands could result in different behavioral outcomes.…”
Section: Structural Model Resultsmentioning
confidence: 77%
“…For example, D' Arcy et al (2014) conceptualized "security-related stress" (SRS) as comprising the subdimensions of work overload, complexity and uncertain of security requirements, and theorized that SRS could increase the level of moral disengagement, and indirectly, lead to ISP violation intention. Similarly, Pham et al (2016) proposed that employees might experience security compliance burnout caused by stress-based security compliance demands and, thus, decrease security compliance. However, stress may not always lead to a negative outcome.…”
mentioning
confidence: 99%
“…However, due to emerging threats in the cyberspace often security policy documents become outdated (Liu et al 2011), leading to higher threats to overall organization (Rocha et al 2014). In this regard, support from IT experts and peers is important to encourage employees to keep up to date with information protection techniques (Pham et al 2016;Wang and Hou 2015). By developing a culture where people are always willing to share knowledge and have a trusted and effective channel to communicate, an organisation is not only be able to encourage their employees to improve the knowledge but also to reduce the potential external attacks by increasing the awareness level of information safety and compliance towards the policies internally (Safa 2018).…”
Section: Significance Of Security Awareness and Knowledge Sharing To mentioning
confidence: 99%
“…Qualitative studies can yield rich perspectives in settings where human factors may intervene in planned outcomes. Recent studies employing qualitative approaches have provided further insights into how the users experience security practices (Albrechtsen and Hovden 2009, Pham et al 2016, Dourish et al 2004, and compared security perspectives between general users and security experts (Albrechtsen andHovden 2009, Posey et al 2014). These studies have been useful in establishing that there are gaps between intentions and behaviours in security compliance contexts.…”
Section: Introductionmentioning
confidence: 99%
“…A majority of prior researches in the field have explored the motivation for security compliance, which consists of a wide range of internal and external factors to an individual. Internal factors can be for example, self-efficacy (Dang- , Johnston and Warkentin 2010, Rhee et al 2009) or security goal orientations (Pham and Nkhoma 2015), while external factors come from sanctions and rewards (D'Arcy et al 2014, Herath andRao 2009a) , security culture (Ruighaver et al 2007) and climate (Goo et al 2014, as well as security demands and resources , Pham et al 2016). …”
Section: Introductionmentioning
confidence: 99%