点击次数：

论文类型：期刊论文

发表时间：2013-11-01

发表刊物：COMPUTERS & SECURITY

收录刊物：SCIE、EI、SSCI、Scopus

卷号：39

期号：PART B

页面范围：447-459

ISSN号：0167-4048

关键字：IS security policy; Violation intention; General deterrence theory; Social bond theory; Social control mechanisms

摘要：It is widely agreed that a large amount of information systems (IS) security incidents occur in the workplace because employees subvert existing IS Security Policy (ISSP). In order to understand the factors that constrain employees from deviance and violation of the organizational ISSP, past work has traditionally viewed this issue through the lens of formal deterrene mechanisms; we postulated that we could better explain employees' ISSP violation behaviours through considering both formal and informal control factors as well as through considering existing deterrence theory. We therefore developed a theoretical model based on both deterrence and social bond theories rooted in a social control perspective to better understand employee behaviour in this context. The model is validated using survey data of 185 employees. Our empirical results highlight that both formal and informal controls have a significant effect on employees' ISSP violation intentions. To be specific, employees' social bonding is found to have mixed impacts on the employee's intention to violate ISSP. Social pressures exerted by subjective norms and co-worker behaviours also significantly influence employees' ISSP violation intentions. In analyzing the formal sanctions, the perceived severity of sanctions was found to be significant while, perceived certainty of those sanctions was not. We discuss the key implications of our findings for managers and researchers and the implications for professional practice. (C) 2013 Elsevier Ltd. All rights reserved.