Security Policy Opt-in Decisions in Bring-Your-Own-Device (BYOD) – A Persuasion and Cognitive Elaboration Perspective

IF 2 4区管理学 Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS

Journal of Organizational Computing and Electronic Commerce Pub Date : 2019-07-18 DOI:10.1080/10919392.2019.1639913

Xue Yang, Xinwei Wang, W. Yue, C. Sia, X. Luo

{"title":"Security Policy Opt-in Decisions in Bring-Your-Own-Device (BYOD) – A Persuasion and Cognitive Elaboration Perspective","authors":"Xue Yang, Xinwei Wang, W. Yue, C. Sia, X. Luo","doi":"10.1080/10919392.2019.1639913","DOIUrl":null,"url":null,"abstract":"ABSTRACT Bring-Your-Own-Device (BYOD) has gained increased popularity in organizations but may engender information security concerns. To address these concerns, employees are expected to opt-in and comply with organizational BYOD security policy. This study investigates the factors that affect employees’ opt-in decisions with BYOD security policy. Drawing on the theoretical lenses of persuasion and cognitive elaboration, we propose that employees’ cognitive elaborations of BYOD security policy could be affected by the valence of justification of the BYOD security policy, the stringency of BYOD security measures, and the sequence of the introduction of BYOD security policy in relation to employees’ use of personal devices to perform organizational tasks and such cognitive elaborations would in turn affect opt-in decisions. We conducted an experimental survey to test our propositions. The results indicate that positive BYOD security policy justification framing and post-task security policy exposure would lead to more positive cognitive elaboration, decision to opt-in, and compliance with the BYOD security policy. This research has significant implications for security management with respect to the design and implementation of BYOD security policy within an organization according to the nature of security policy and the task requirements.","PeriodicalId":54777,"journal":{"name":"Journal of Organizational Computing and Electronic Commerce","volume":"29 1","pages":"274 - 293"},"PeriodicalIF":2.0000,"publicationDate":"2019-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://sci-hub-pdf.com/10.1080/10919392.2019.1639913","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Journal of Organizational Computing and Electronic Commerce","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1080/10919392.2019.1639913","RegionNum":4,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 7

Abstract

ABSTRACT Bring-Your-Own-Device (BYOD) has gained increased popularity in organizations but may engender information security concerns. To address these concerns, employees are expected to opt-in and comply with organizational BYOD security policy. This study investigates the factors that affect employees’ opt-in decisions with BYOD security policy. Drawing on the theoretical lenses of persuasion and cognitive elaboration, we propose that employees’ cognitive elaborations of BYOD security policy could be affected by the valence of justification of the BYOD security policy, the stringency of BYOD security measures, and the sequence of the introduction of BYOD security policy in relation to employees’ use of personal devices to perform organizational tasks and such cognitive elaborations would in turn affect opt-in decisions. We conducted an experimental survey to test our propositions. The results indicate that positive BYOD security policy justification framing and post-task security policy exposure would lead to more positive cognitive elaboration, decision to opt-in, and compliance with the BYOD security policy. This research has significant implications for security management with respect to the design and implementation of BYOD security policy within an organization according to the nature of security policy and the task requirements.

查看原文本刊更多论文

自带设备(BYOD)中的安全策略选择决策——一个说服和认知阐述的视角

自带设备(BYOD)在组织中越来越受欢迎，但可能会引起信息安全问题。为了解决这些问题，员工应该选择加入并遵守组织的BYOD安全政策。本研究探讨了影响员工选择加入BYOD安全政策的因素。利用说服和认知阐述的理论视角，我们提出员工对BYOD安全政策的认知阐述会受到BYOD安全政策的正当性、BYOD安全措施的严格程度以及与员工使用个人设备执行组织任务相关的BYOD安全政策的引入顺序的影响，而这种认知阐述反过来又会影响员工的选择决策。我们进行了一项实验性调查来检验我们的主张。结果表明，积极的BYOD安全策略论证框架和任务后安全策略暴露会导致更积极的认知阐述、选择加入决策和遵守BYOD安全策略。该研究对于根据安全策略的性质和任务需求在组织内设计和实施BYOD安全策略的安全管理具有重要意义。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Journal of Organizational Computing and Electronic Commerce 工程技术-计算机：跨学科应用

CiteScore

5.80

自引率

17.20%

发文量

审稿时长

>12 weeks

期刊介绍： The aim of the Journal of Organizational Computing and Electronic Commerce (JOCEC) is to publish quality, fresh, and innovative work that will make a difference for future research and practice rather than focusing on well-established research areas. JOCEC publishes original research that explores the relationships between computer/communication technology and the design, operations, and performance of organizations. This includes implications of the technologies for organizational structure and dynamics, technological advances to keep pace with changes of organizations and their environments, emerging technological possibilities for improving organizational performance, and the many facets of electronic business. Theoretical, experimental, survey, and design science research are all welcome and might look at: • E-commerce • Collaborative commerce • Interorganizational systems • Enterprise systems • Supply chain technologies • Computer-supported cooperative work • Computer-aided coordination • Economics of organizational computing • Technologies for organizational learning • Behavioral aspects of organizational computing.