Perceptions of Information Security at the Workplace : Linking Information Security Climate to Compliant Behavior

Abstract A large number of information security breaches in the workplace result from employees’ failure to comply with organizational information security guidelines. Recent surveys report that 78% of computer attacks appear in the form of viruses embedded in email attachments. Employees who open e-mail attachments from unknown sources risk infecting their own computers as well as other computers sharing the same network. Therefore, more attention needs to be paid to learning why non-compliant behavior takes place so that appropriate measures for curbing the occurrence of such behavior can be found. With such motivation in mind, this study examines the effects of social contextual factors on employees’ compliance with organizational security policies. The research model is developed based on concepts adapted from safety climate literature that has been used to explain the safe behavior of employees in organizations. Data was collected from a sample of 140 employees from two large IT intensive organizations using a 28- item survey instrument and analyzed using structured equation modeling. Management practices, supervisory practices, and coworker’s socialization were found to be positively related to employees’ perception of information security climate in the organization. Perception of security climate and self-efficacy had positive impacts on compliant behavior. Implications of this study for research and practice are discussed.

[1]  L. Cronbach Coefficient alpha and the internal structure of tests , 1951 .

[2]  G. H. Litwin,et al.  Motivation and Organizational Climate , 1968 .

[3]  D. Bray Managerial Behavior, Performance and Effectiveness. , 1971 .

[4]  Lawrence R. James,et al.  Organizational climate: A review of theory and research. , 1974 .

[5]  B. Schneider Organizational Climates: An Essay. , 1975 .

[6]  Allan P. Jones,et al.  Organizational structure: a review of structural dimensions and their conceptual relationships with individual attitudes and behavior , 1976 .

[7]  J. Pfeffer,et al.  An examination of need-satisfaction models of job attitudes. , 1977 .

[8]  A. Bandura Self-efficacy: toward a unifying theory of behavioral change. , 1977, Psychological review.

[9]  A. Cohen,et al.  Factors in successful occupational safety programs , 1977 .

[10]  J. Pfeffer,et al.  A social information processing approach to job attitudes and task design. , 1978, Administrative science quarterly.

[11]  R. Payne,et al.  Correlates of individual perceptions of organizational climate , 1978 .

[12]  Shelley E. Taylor,et al.  Salience, Attention, and Attribution: Top of the Head Phenomena , 1978 .

[13]  A. Bandura Self-efficacy: toward a unifying theory of behavioral change. , 1977, Psychology Review.

[14]  T. Cook,et al.  Quasi-experimentation: Design & analysis issues for field settings , 1979 .

[15]  Gilbert A. Churchill A Paradigm for Developing Better Measures of Marketing Constructs , 1979 .

[16]  H C Triandis,et al.  Values, attitudes, and interpersonal behavior. , 1980, Nebraska Symposium on Motivation. Nebraska Symposium on Motivation.

[17]  L. Delbeke Quasi-experimentation - design and analysis issues for field settings - cook,td, campbell,dt , 1980 .

[18]  D. Zohar Safety climate in industrial organizations: theoretical and applied implications. , 1980, The Journal of applied psychology.

[19]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[20]  M. Schnake,et al.  AN EMPIRICAL ASSESSMENT OF THE EFFECTS OF AFFECTIVE RESPONSE IN THE MEASUREMENT OF ORGANIZATIONAL CLIMATE , 1983 .

[21]  K. Bollen Multiple indicators: Internal consistency or no necessary relationship? , 1984 .

[22]  R. A. Grant,et al.  Building and testing a causal model of an information technology's impact , 1989, ICIS '89.

[23]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[24]  François Béland,et al.  A safety climate measure for construction sites , 1991 .

[25]  Izak Benbasat,et al.  Development of an Instrument to Measure the Perceptions of Adopting an Information Technology Innovation , 1991, Inf. Syst. Res..

[26]  Wynne W. Chin,et al.  The Effects of Group Attitudes Toward Alternative GDSS Designs on the Decision‐making Performance of Computer‐Supported Groups* , 1994 .

[27]  Wynne W. Chin,et al.  Adoption intention in GSS: relative importance of beliefs , 1995, DATB.

[28]  Deborah Compeau,et al.  Computer Self-Efficacy: Development of a Measure and Initial Test , 1995, MIS Q..

[29]  Weidong Chen,et al.  Declarative updates of relational databases , 1995, TODS.

[30]  David M. DeJoy,et al.  Theoretical models of health behavior and workplace self-protective behavior , 1996 .

[31]  R Isla Díaz,et al.  Safety climate and attitude as evaluation measures of organizational safety. , 1997, Accident; analysis and prevention.

[32]  Rosa Isla Díaz,et al.  Safety climate and attitude as evaluation measures of organizational safety. , 1997 .

[33]  Wynne W. Chin Issues and Opinion on Structural Equation Modeling by , 2009 .

[34]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[35]  Bob E. Hayes,et al.  Measuring Perceptions of Workplace Safety: Development and Validation of the Work Safety Scale , 1998 .

[36]  Rolph E. Anderson,et al.  Nederlandse samenvatting en bewerking van 'Multivariate data analysis, 4th Edition, 1995' , 1998 .

[37]  Deborah Compeau,et al.  Social Cognitive Theory and Individual Reactions to Computing Technology: A Longitudinal Study , 1999, MIS Q..

[38]  A Neal,et al.  Perceptions of safety at work: a framework for linking safety climate to safety performance, knowledge, and motivation. , 2000, Journal of occupational health psychology.

[39]  Detmar W. Straub,et al.  Structural Equation Modeling and Regression: Guidelines for Research Practice , 2000, Commun. Assoc. Inf. Syst..

[40]  D. Zohar A group-level model of safety climate: testing the effect of group climate on microaccidents in manufacturing jobs. , 2000, The Journal of applied psychology.

[41]  Alexander Hars,et al.  Web Based Knowledge Infrastructures for the Sciences: An Adaptive Document , 2000, Commun. Assoc. Inf. Syst..

[42]  N. Ashkanasy,et al.  Handbook of Organizational Culture and Climate , 2000 .

[43]  D. Zohar A group-level model of safety climate: testing the effect of group climate on microaccidents in manufacturing jobs. , 2000, The Journal of applied psychology.

[44]  James Backhouse,et al.  Current directions in IS security research: towards socio‐organizational perspectives , 2001, Inf. Syst. J..

[45]  E. Kelloway,et al.  Development and test of a model linking safety-specific transformational leadership and occupational safety. , 2002, The Journal of applied psychology.

[46]  Murugan Anandarajan,et al.  Managing Web Usage in the WorkPlace: A Social, Ethical, and Legal Perspective , 2002 .

[47]  Murugan Anandarajan,et al.  Classifying web usage behavior in the workplace: an artificial neural network approach , 2002 .

[48]  D. Zohar Modifying supervisory practices to improve subunit safety: a leadership-based intervention model. , 2002, The Journal of applied psychology.

[49]  Gil Luria,et al.  The use of supervisory practices as leverage to improve safety behavior: a cross-level intervention model. , 2003, Journal of safety research.

[50]  D. Galletta,et al.  An Empirical Investigation of Antecedents of Internet Abuse in the Workplace , 2003 .

[51]  J. Ford,et al.  Climate perceptions matter: a meta-analytic path analysis relating molar climate, cognitive and affective states, and individual level work outcomes. , 2003, The Journal of applied psychology.

[52]  Jane Mullen,et al.  Investigating factors that influence individual safety behavior at work. , 2004, Journal of safety research.

[53]  D. Zohar,et al.  Climate as a social-cognitive construction of supervisory safety practices: scripts as proxy of behavior patterns. , 2004, The Journal of applied psychology.

[54]  Wynne W. Chin,et al.  Factors motivating software piracy: a longitudinal study , 2004, IEEE Transactions on Engineering Management.

[55]  Robert J. Vandenberg,et al.  Creating safer workplaces: assessing the determinants and role of safety climate. , 2004 .

[56]  C. Chambliss,et al.  Cognitive procedures for smoking reduction: Symptom attribution versus efficacy attribution , 1979, Cognitive Therapy and Research.

[57]  Charles E. Heckler,et al.  Applied Multivariate Statistical Analysis , 2005, Technometrics.

[58]  Xianggui Qu,et al.  Multivariate Data Analysis , 2007, Technometrics.