Stress-based security compliance model – an exploratory study

Purpose This paper aims to extend current information security compliance research by adapting "work-stress model" of the extended Job Demands-Resources model to explore how security compliance demands, organization and personal resources influence end-user security compliance. The paper p...

Full description

Saved in:
Bibliographic Details
Published in:Information and computer security 2016-01, Vol.24 (4), p.326-347
Main Authors: Pham, Hiep-Cong, El-Den, Jamal, Richardson, Joan
Format: Article
Language:English
Subjects:
Behavior
Burnout
Case depth
Company structure
Compliance
Computer information security
Cybersecurity
Demand
Employees
End users
Environmental impact
Fines & penalties
Information sources
Internet access
Mathematical models
Network security
Occupational stress
Organizations
Prevention
Qualitative research
Sanctions
Security
Security management
Security programs
Stress
Stresses
Threats
User behavior
Vietnam
Violations
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Purpose This paper aims to extend current information security compliance research by adapting "work-stress model" of the extended Job Demands-Resources model to explore how security compliance demands, organization and personal resources influence end-user security compliance. The paper proposes that security compliance burnout and security engagement as the mediating factors between security compliance demands, organizational and personal resources and individual security compliance. Design/methodology/approach The authors used a multi-case in-depth interview method to explore the relevance and significance of security demands, organizational resources and personal resources on security compliance at work. Seventeen participants in three organizations including a bank, a university and an oil distribution company in Vietnam were interviewed during a four-month period. Findings The study identified three security demands, three security resources and two aspects of personal resources that influence security compliance. The study demonstrates that the security environment factors such as security demands and resources affected compliance burden and security engagement. Personal resources could play an integral role in moderating the impact of security environment on security compliance. Research limitations/implications The findings presented are not generalizable to the wider population of end-users in Vietnam due to the small sample size used in the interviews. Further quantitative studies need to measure the extent of each predictor on security compliance. Originality/value The originality of the research stems from proposing not only stress-based but also motivating factors from the security environment on security compliance. By using qualitative approach, the study provides more insight to understand the impact of the security environments on security compliance.
ISSN:2056-4961
0968-5227
2056-497X
DOI:10.1108/ICS-10-2014-0067