个人信息Personal Information
副教授
硕士生导师
性别:女
毕业院校:芬兰奥卢大学
学位:博士
所在单位:信息管理与信息系统研究所
学科:管理科学与工程
电子邮箱:yingli@dlut.edu.cn
Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory
点击次数:
论文类型:期刊论文
发表时间:2013-11-01
发表刊物:COMPUTERS & SECURITY
收录刊物:SCIE、EI、SSCI、Scopus
卷号:39
期号:PART B
页面范围:447-459
ISSN号:0167-4048
关键字:IS security policy; Violation intention; General deterrence theory; Social bond theory; Social control mechanisms
摘要:It is widely agreed that a large amount of information systems (IS) security incidents occur in the workplace because employees subvert existing IS Security Policy (ISSP). In order to understand the factors that constrain employees from deviance and violation of the organizational ISSP, past work has traditionally viewed this issue through the lens of formal deterrene mechanisms; we postulated that we could better explain employees' ISSP violation behaviours through considering both formal and informal control factors as well as through considering existing deterrence theory. We therefore developed a theoretical model based on both deterrence and social bond theories rooted in a social control perspective to better understand employee behaviour in this context. The model is validated using survey data of 185 employees. Our empirical results highlight that both formal and informal controls have a significant effect on employees' ISSP violation intentions. To be specific, employees' social bonding is found to have mixed impacts on the employee's intention to violate ISSP. Social pressures exerted by subjective norms and co-worker behaviours also significantly influence employees' ISSP violation intentions. In analyzing the formal sanctions, the perceived severity of sanctions was found to be significant while, perceived certainty of those sanctions was not. We discuss the key implications of our findings for managers and researchers and the implications for professional practice. (C) 2013 Elsevier Ltd. All rights reserved.