Security culture and the employment relationship as drivers of employees' security compliance

Information Management and Computer Security

Volumn 22, Issue 5, 2014, Pages 474-489

  D'Arcy, John ^a   Greene, Gwen ^b  

^a UNIVERSITY OF DELAWARE   (United States)

^b TOWSON UNIVERSITY   (United States)

Author keywords

Employees; End user computing

Indexed keywords

JOB SATISFACTION; PERSONNEL; SURVEYS;

DESIGN/METHODOLOGY/APPROACH; EMPLOYMENT RELATIONSHIP; END USER COMPUTING; MULTIDIMENSIONAL NATURE; ORGANIZATIONAL BEHAVIOR; PERCEIVED ORGANIZATIONAL SUPPORTS; SECURITY COMMUNICATION; TOP MANAGEMENT COMMITMENT;

EMPLOYMENT;

EID: 84915773934     PISSN: 09685227     EISSN: None     Source Type: Journal    
DOI: 10.1108/IMCS-08-2013-0057     Document Type: Conference Paper

References (43)

1. Albrechtsen, E. (2007), "A qualitative study of users' view on information security", Computers & Security, Vol. 26 No. 4, pp. 276-289.
2. Allaire, Y. and Firsirotu, M. E. (1984), "Theories of organizational culture", Organization Studies, Vol. 5 No. 3, pp. 193-226.
3. Alvesson, M. (2002), Understanding Organizational Culture, Sage, London.
4. Bagozzi, R. P. and Phillips, L. W. (1991), "Assessing construct validity in organizational research", Administrative Science Quarterly, Vol. 36 No. 3, pp. 421-458.
5. Beautement, A. and Sasse, A. (2009), "The economics of user effort in information security", Computer Fraud & Security, Vol. 10, pp. 8-12.
6. Boss, S. R., Kirsch, L. J., Angermeier, I., Shingler, R. A. and Boss, R. W. (2009), "If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security", European Journal of Information Systems, Vol. 18 No. 2, pp. 151-164.
7. Brayfield, A. H. and Rothe, H. F. (1951), "An index of job satisfaction", Journal of Applied Psychology, Vol. 35 No. 5, pp. 307-311.
8. Chan, M., Woon, I. and Kankanhalli, A. (2005), "Perceptions of information security at the workplace: linking information security climate to compliant behavior", Journal of Information Privacy & Security, Vol. 1 No. 3, pp. 18-41.
9. Chang, S. E. and Lin, C.-S. (2007), "Exploring organizational culture for information security management", Industrial Management & Data Systems, Vol. 107 No. 3, pp. 438-458.
10. Chin, W. (2000), "Frequently asked questions-partial least squares & pls graph", available at: http://disc-nt.cba.uh.edu/chin/plsfaq.htm
11. D'Arcy, J. and Greene, G. (2009), "The multifaceted nature of security culture and its influence on end user behavior", in Proceedings of IFIP TC8 International Workshop on Information Systems Security Research, Cape Town, pp. 145-157.
12. D'Arcy, J., Hovav, A. and Galletta, D. G (2009), "User awareness of security countermeasures and its impact on information systems misuse: a deterrence approach", Information Systems Research, Vol. 20 No. 1, pp. 79-98.
13. Deal, T. and Kennedy, A. (1982), Corporate Cultures: The Rites and Rituals of Corporate Life, Addison-Wesley, Reading, MA.
14. Eisenberger, R, Huntington, R, Hutchison, S. and Sowa, D. (1986), "Perceived organizational support", Journal of Applied Psychology, Vol. 71 No. 3, pp. 500-507.
15. Finch, J. H., Furnell, S. M. and Dowland, P. S. (2003), "Assessing IT security culture: system administrator and end-user", in Proceedings of the ISOneWorld Conference, Las Vegas, NV.
16. Hatch, M. J. and Cunliffe, A. L. (2012), Organization Theory: Modern Symbolic and Postmodern Perspectives, 3rd ed., Oxford University Press, New York, NY.
17. Herath, T. and Rao, H. R (2009), "Protection motivation and deterrence: a framework for security policy compliance in organisations", European Journal of Information Systems, Vol. 18 No. 2, pp. 106-125.
18. Hu, Q., Dinev, T., Hart, P. and Cooke, D. (2012), "Managing employee compliance with information security policies: the critical role of top management and organizational culture", Decision Sciences, Vol. 43 No. 4, pp. 615-660.
19. Judge, T. A., Bono, J. E., Thoreson, C. J. and Patton, GK. (2001), "The job satisfaction - job performance relationship: a qualitative and quantitative review", Psychological Bulletin, Vol. 127 No. 3, pp. 376-407.
20. Kaplan, S., Bradley, J. C., Luchman, J. N. and Haynes, D. (2009), "On the role of positive and negative affectivity in job performance: a meta-analytic investigation", Journal of Applied Psychology, Vol. 94 No. 1, pp. 162-176.
21. Knapp, K. J. (2006), "Information security: management's effect on culture and policy", Information Management & Computer Security, Vol. 14 No. 1, pp. 24-36.
22. Knapp, K. J., Marshall, T. E., Rainer, RK. and Ford, FN. (2005), "Managerial dimensions in information security: a theoretical model of organizational effectiveness", ISC2 Inc and Auburn University Research Report, Framingham, MA and Auburn, AL.
23. LePine, J. A., Erez, A. and Johnson, D. E. (2002), "The nature and dimensionality of organizational citizenship behavior: a critical review and meta-analysis", Journal of Applied Psychology, Vol. 87 No. 1, pp. 52-65.
24. MacKenzie, S. B., Podsakoff, P. M. and Podsakoff, N. P. (2011), "Construct measurement and validation procedures in MIS and behavioral research: integrating new and existing techniques", MIS Quarterly, Vol. 35 No. 2, pp. 293-334.
25. Martin, J., Frost, P. J. and O'Neill, O. A. (2006), "Organizational culture: beyond struggles for intellectual dominance", in Clegg, S., Hardy, C, Nord, W. and Lawrence, T. (Eds), Handbook of Organization Studies, 2nd ed., Sage Publications, London, pp. 725-753.
26. Petter, S., Straub, D. and Rai, A. (2007), "Specifying formative constructs in information systems research", MIS Quarterly, Vol. 31 No. 4, pp. 623-656.
27. Pettigrew, A. M. (1979), "On studying organizational cultures", Administrative Science Quarterly, Vol. 24 No. 4, pp. 570-581.
28. Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y. and Podsakoff, N. P. (2003), "Common method biases in behavioral research: a critical review of the literature and recommended remedies" Journal of Applied Psychology, Vol. 88 No. 5, pp. 879-903.
29. Predd, J., Pfleeger, S. L., Hunker, J. and Bulford, C. (2008), "Insiders behaving badly", IEEE Security & Privacy, Vol. 6 No. 4, pp. 66-70.
30. Puhakainen, P. and Siponen, M. (2010), "Improving employees' compliance through information systems security training: an action research study", MIS Quarterly, Vol. 34 No. 4, pp. 757-778.
31. Rhoades, L. and Eisenberger, R. (2002), "Perceived organizational support: a review of the literature", Journal of Applied Psychology, Vol. 87 No. 4, pp. 698-714.
32. Ruighaver, S. B., Maynard, S. B. and Chang, S. (2007), "Organisational security culture: extending the end-user perspective", Computers & Security, Vol. 25 No. 1, pp. 56-62.
33. Settoon, R. P., Bennett, N. and Liden, RC. (1996), "Social exchange in organizations: perceived organizational support, leader-member exchange, and employee reciprocity", Journal of Applied Psychology, Vol. 81 No. 3, pp. 219-227.
34. Siponen, M., Mahmood, MA. and Pahnila, S. (2009), "Are employees putting your company at risk by not following information security policies?", Communications of the ACM, Vol. 52 No. 12, pp. 145-147.
35. Stanton, J. M. and Stam, K. R. (2006), The Visible Employee, Information Today, Medford, NJ.
36. Van Dyne, L. and Ang, S. (1998), "Organizational citizenship behavior of contingent workers in Singapore", Academy of Management Journal, Vol. 41 No. 6, pp. 692-703.
37. von Solms, R. and von Solms, B. (2004), "From policies to culture", Computers & Security, Vol. 23 No. 4, pp. 275-279.
38. Vroom, C. and von Solms, R (2004), "Towards information security behavioural compliance", Computers & Security, Vol. 23 No. 3, pp. 191-198.
39. Warkentin, M., Johnston, A. C and Shropshire, J. (2011), "The influence of the informal social learning environment on information privacy policy compliance efficacy and intention", European Journal of Information Systems, Vol. 20 No. 3, pp. 267-284.
40. Westerman, G. and Hunter, R. (2007), IT Risk: Turning Business Threats into Competitive Advantage, Harvard Business School Press, Boston, MA.
41. Wetzels, M., Oderkerken-Schroder, G. and van Oppen, C. (2009), "Using PLS path modeling for assessing hierarchical construct models: guidelines and empirical illustration", MIS Quarterly, Vol. 33 No. 1, pp. 177-195.
42. Williams, L. J. and Anderson, S. E. (1991), "Job satisfaction and organizational commitment as predictors of organizational citizenship and in-role behaviors", Journal of Management, Vol. 17 No. 3, pp. 601-617.
43. Wilson, T. (2009), "Understanding the danger within", InformationWeek Research Report, San Francisco, CA.