Violators versus non-violators of information security measures in organizations—A study of distinguishing factors

IF 2 4区管理学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Organizational Computing and Electronic Commerce Pub Date : 2019-01-02 DOI:10.1080/10919392.2019.1552743

H. Khan, Khalid A. Alshare

{"title":"Violators versus non-violators of information security measures in organizations—A study of distinguishing factors","authors":"H. Khan, Khalid A. Alshare","doi":"10.1080/10919392.2019.1552743","DOIUrl":null,"url":null,"abstract":"ABSTRACT The present study analyzes the elements that differentiate violators from non-violators of information security measures. Various elements are derived from established theories and models such as general deterrence theory, theory of planned behavior, theory of reasoned action, protection motivation theory, and social cognitive theory. To examine these factors, the data are gathered through an online study conducted in a Midwestern University, USA. The data are collected using questionnaires, and after scrutiny, 195 questionnaires are selected for final analysis. This data are analyzed using second-level statistical techniques, such as chi-square analysis and ANOVA. Results reveal that violators and non-violators of information security measures differ significantly with respect to many factors. These factors include perceived privacy, subjective norms, perceived information security policy (ISP) scope, perceived severity of penalty, perceived celerity of penalty, management support, organizational security culture, and perceived organizational IT capability. The non-significant factors are trust and work load. Implications for practitioners and researchers are provided.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"29 1","pages":"23 - 4"},"PeriodicalIF":2.0000,"publicationDate":"2019-01-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/10919392.2019.1552743","citationCount":"29","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2019.1552743","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 29

Abstract

ABSTRACT The present study analyzes the elements that differentiate violators from non-violators of information security measures. Various elements are derived from established theories and models such as general deterrence theory, theory of planned behavior, theory of reasoned action, protection motivation theory, and social cognitive theory. To examine these factors, the data are gathered through an online study conducted in a Midwestern University, USA. The data are collected using questionnaires, and after scrutiny, 195 questionnaires are selected for final analysis. This data are analyzed using second-level statistical techniques, such as chi-square analysis and ANOVA. Results reveal that violators and non-violators of information security measures differ significantly with respect to many factors. These factors include perceived privacy, subjective norms, perceived information security policy (ISP) scope, perceived severity of penalty, perceived celerity of penalty, management support, organizational security culture, and perceived organizational IT capability. The non-significant factors are trust and work load. Implications for practitioners and researchers are provided.

查看原文本刊更多论文

组织中信息安全措施的违反者与非违反者——区分因素的研究

本研究分析了信息安全措施的违规者和非违规者的区别要素。各种要素来源于已有的理论和模型，如一般威慑理论、计划行为理论、理性行为理论、保护动机理论和社会认知理论。为了检验这些因素，数据是通过在美国中西部大学进行的一项在线研究收集的。采用问卷调查的方式收集数据，经过审查，最终选出195份问卷进行分析。这些数据使用二级统计技术进行分析，如卡方分析和方差分析。结果显示，信息安全措施的违规者和非违规者在许多因素上存在显著差异。这些因素包括感知到的隐私、主观规范、感知到的信息安全策略(ISP)范围、感知到的处罚严重程度、感知到的处罚速度、管理支持、组织安全文化和感知到的组织IT能力。不显著因素为信任和工作量。为从业人员和研究人员提供了启示。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Organizational Computing and Electronic Commerce 工程技术-计算机：跨学科应用

CiteScore

5.80

自引率

17.20%

发文量

审稿时长

>12 weeks

期刊介绍： The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas. JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business. Theoretical, experimental, survey, and design science research are all welcome and might look at: • E-commerce • Collaborative commerce • Interorganizational systems • Enterprise systems • Supply chain technologies • Computer-supported cooperative work • Computer-aided coordination • Economics of organizational computing • Technologies for organizational learning • Behavioral aspects of organizational computing.