期刊
INFORMATION SYSTEMS JOURNAL
卷 29, 期 1, 页码 43-69出版社
WILEY
DOI: 10.1111/isj.12173
关键词
affect; information security policies (ISPs); ISP compliance; rational choice theory (RCT); theory of planned behaviour (TPB); multilevel analysis
We present a model of employee compliance with information security policy (ISP) that (1) explicates stable, cognitive beliefs regarding the consequences of compliance and noncompliance as well as state-based affective constructs, namely, positive and negative mood states and episodic, security-related work-impediment events, and (2) provides an expanded conceptualisation of moral considerations and normative influences regarding employees' ISP compliance. Because affect is central to this theorisation, we ensure that the model captures and explains differences in day-to-day affective constructs to account for the often fleeting nature of affective states. We test our multilevel model using an experience-sampling methodology design, in which employees completed daily surveys over a 2-week period, followed by a hierarchal linear modelling statistical assessment. Our contribution to theory is a unique account of ISP compliance that integrates affective factors with constructs from rational choice theory and theory of planned behaviour and that diverges from prior conceptualisations of ISP compliance as a purely stable and reason-based phenomenon. For practitioners, our results suggest that a combination of cognitive and affective influences may produce discrete episodes of ISP compliance that do not coincide with prior behavioural trends.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据