2018
DOI: 10.1108/ics-08-2017-0054
|View full text |Cite
|
Sign up to set email alerts
|

Work-related groups and information security policy compliance

Abstract: Purpose It is widely acknowledged that norms and culture influence decisions related to information security. The purpose of this paper is to investigate how work-related groups influence information security policy compliance intentions and to what extent this influence is captured by the Theory of Planned Behavior, an established model over individual decision-making. Design/methodology/approach A multilevel model is used to test the influence of work-related groups using a cluster sample of responses from… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
9
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 13 publications
(9 citation statements)
references
References 41 publications
0
9
0
Order By: Relevance
“…The findings of this study indicate that organizational culture indeed does matter for information security compliance. While some earlier studies (Alarifi et al , 2012; McCoy et al , 2009; Goo et al , 2013; Lowry et al , 2013; Sommestad, 2018) have indicated the existence of a relationship between organizational culture and information security behavior, very little attention has been given to the question of how different types of organizational culture influences information security behavior differently (Karlsson et al , 2015). This study supplies important evidence that the type of organizational culture that characterizes an organization influences employees’ tendency to comply with information security policies.…”
Section: Discussionmentioning
confidence: 99%
See 2 more Smart Citations
“…The findings of this study indicate that organizational culture indeed does matter for information security compliance. While some earlier studies (Alarifi et al , 2012; McCoy et al , 2009; Goo et al , 2013; Lowry et al , 2013; Sommestad, 2018) have indicated the existence of a relationship between organizational culture and information security behavior, very little attention has been given to the question of how different types of organizational culture influences information security behavior differently (Karlsson et al , 2015). This study supplies important evidence that the type of organizational culture that characterizes an organization influences employees’ tendency to comply with information security policies.…”
Section: Discussionmentioning
confidence: 99%
“…The Karlsson et al (2015) study is one of the most recent and extensive reviews that made an effort to categorize the variety of topics covered in research. Karlsson et al (2015) concluded, based on a bottom-up classification of research papers, that a significant share of the conducted research has addressed the relationship between organizational culture and information security (Alarifi et al, 2012;McCoy et al, 2009;Goo et al, 2013;Lowry et al, 2013;Sommestad, 2018). Work in this category has set out to test the basic assumption that culture affects information security in organizations.…”
Section: Organizational Culture and Information Security Policy Compliancementioning
confidence: 99%
See 1 more Smart Citation
“…On the other hand, TPB was applied by Lee (2009) to understand customers' intention to use online banking. It was also applied by Sommestad (2018) to understand how work-related groups influence employees' intention towards information security policy compliance. Some studies extended these theories by merging them, adding new relevant factors, or merging other theories to understand how people protect themselves from being victimised by phishing attacks.…”
Section: Theoretical Backgroundmentioning
confidence: 99%
“…A number of studies have investigated what influences individuals' motivation for information security compliance. A recent study of 2,000 Swedish workers found, that the work group's influence on individuals' intention to comply with information security policy was weak to moderate (Sommestad, 2018). Individual perceptions had a stronger influence, and it was concluded that information security perceptions in work groups are diverse, and decisions appear to be based on individual perceptions rather than group processes.…”
Section: Introductionmentioning
confidence: 99%