Loading…

Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective

We use coping theory to explore an underlying relationship between employee stress caused by burdensome, complex, and ambiguous information security requirements (termed "security-related stress" or SRS) and deliberate information security policy (ISP) violations. Results from a survey of...

Full description

Saved in:
Bibliographic Details
Published in:Journal of management information systems 2014-10, Vol.31 (2), p.285-318
Main Authors: D'Arcy, John, Herath, Tejaswini, Shoss, Mindy K.
Format: Article
Language:English
Subjects:
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:We use coping theory to explore an underlying relationship between employee stress caused by burdensome, complex, and ambiguous information security requirements (termed "security-related stress" or SRS) and deliberate information security policy (ISP) violations. Results from a survey of 539 employee users suggest that SRS engenders an emotion-focused coping response in the form of moral disengagement from ISP violations, which in turn increases one's susceptibility to this behavior. Our multidimensional view of SRS-comprised of security-related overload, complexity, and uncertainty-offers a new perspective on the workplace environment factors that foster noncompliant user behavior and inspire cognitive rationalizations of such behavior. The study extends technostress research to the information systems security domain and provides a theoretical framework for the influence of SRS on user behavior. For practitioners, the results highlight the incidence of SRS in organizations and suggest potential mechanisms to counter the stressful effects of information security requirements.
ISSN:0742-1222
1557-928X
DOI:10.2753/MIS0742-1222310210