Ensuring employees' ISP compliance: A combination of deterrence and regulatory focus approach | |
---|---|
學年 | 104 |
學期 | 2 |
發表日期 | 2016-04-05 |
作品名稱 | Ensuring employees' ISP compliance: A combination of deterrence and regulatory focus approach |
作品名稱(其他語言) | |
著者 | Shih, Sheng-Pao; Jack Shih-Chieh Hsu; Huang, Hsin-Yi; Peng, Cheng-Hui |
作品所屬單位 | |
出版者 | |
會議名稱 | Forty-Fifth Annual Conference of the Western Decision Sciences Institute |
會議地點 | Las Vegas, U.S.A. |
摘要 | Deterrence theory has been widely applied in information security behavioral research. In organizations, employees’ information security policy (ISP) compliance is definitely an important information security behavior. To explore employees’ ISP compliance, previous information security behavioral studies mainly based on the perspective of sanctions from deterrence theory; however, these studies have inconsistent results of deterrence effect, which mean that the direct effects of deterrence on employees’ information security behaviors are not universally applicable in all organization settings [1]. In addition, while most ISP compliance studies applied deterrence theory focus on the impacts of deterrence (i.e. punishment severity and detection certainty) on ISP compliance behaviors, these studies ignored the fact that, different individuals tend to have two fundamental needs: nurturance and security [2], that may affect the magnitude of the impact of deterrence on ISP compliance behaviors. Regulatory focus theory explains the needs and formulates two different regulatory foci: promotion and prevention. Promotion focus is more associated with need for growth and achievement, whereas prevention focus is more driven by security needs. In view of aforementioned research gaps, based on the deterrence theory and regulatory focus theory, this study tries to understand the effect of different regulatory focus on the relationship between deterrence and employees’ ISP compliance intention. We collected data through a questionnaire survey from the employees working in high tech industry in Taiwan. The results show that detection certainty and punishment severity positively affect ISP compliance intention. The relationship between punishment severity and ISP compliance intention is moderated by prevention focus and the relationship between detection certainty and ISP compliance intention is moderated by promotion focus. This study provides an in-depth understanding of deterrence in ISP compliance context while suggesting that regulatory focus plays an important role in affecting employees’ compliance with information security policy. Implications for both academic and practice are also highlighted to address the moderating effects on the relationship between deterrence and ISP compliance intention |
關鍵字 | |
語言 | en_US |
收錄於 | |
會議性質 | 國際 |
校內研討會地點 | 無 |
研討會時間 | 20160405~20160409 |
通訊作者 | |
國別 | USA |
公開徵稿 | |
出版型式 | |
出處 | Proceedings of Forty-Fifth Annual Conference of the Western Decision Sciences Institute , pp.173-188 |
相關連結 |
機構典藏連結 ( http://tkuir.lib.tku.edu.tw:8080/dspace/handle/987654321/107222 ) |