Influence of Security Compliance Demands and Resources on Security Compliance-An Exploratory Study in Vietnam

This study extends current information security compliance research by adapting "work-stress model" of the Job Demands-Resources (JD-R) model to explore how security compliance demands and security resources influence the system users' information security compliance. The paper proposes that security compliance burnout and security engagement as the mediating factors between security compliance demands, security resources and individual security compliance. We employed a multi-case study method to explore the characteristics of security compliance demands and security resources that could influence security compliance. Interviews with system users in three organisations in Vietnam revealed three types of security compliance and four types of security resources that may influence security compliance burnout and engagement respectively. Practical implications of the initial findings are also presented.

[1]  R. W. Rogers,et al.  Protection motivation and self-efficacy: A revised theory of fear appeals and attitude change , 1983 .

[2]  A. Bakker,et al.  The job demands-resources model of burnout. , 2001, The Journal of applied psychology.

[3]  A. Bakker,et al.  Present but sick: a three‐wave study on job demands, presenteeism and burnout , 2009 .

[4]  David Lacey Understanding and transforming organizational security culture , 2010, Inf. Manag. Comput. Secur..

[5]  Yufei Yuan,et al.  The effects of multilevel sanctions on information security violations: A mediating model , 2012, Inf. Manag..

[6]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[7]  R. W. Rogers,et al.  A Protection Motivation Theory of Fear Appeals and Attitude Change1. , 1975, The Journal of psychology.

[8]  S. Furnell,et al.  Understanding the influences on information security behaviour , 2012 .

[9]  Paul E. Spector,et al.  The Relation between Work–Family Conflict and Job Satisfaction: A Finer-Grained Analysis , 2002 .

[10]  Sylwia Męcfal Recenzja książki. Robert K. yin, Case Study Research. Design and Methods (fourth Edition), thousand Oaks, CA: Sage Publications, 2009 , 2012 .

[11]  Sang M. Lee,et al.  An integrative model of computer abuse based on social control and general deterrence theories , 2004, Inf. Manag..

[12]  James Cox,et al.  Information systems user security: A structured model of the knowing-doing gap , 2012, Comput. Hum. Behav..

[13]  D. J. Dwyer,et al.  The effects of job demands and control on employee attendance and satisfaction , 1991 .

[14]  A. Bakker,et al.  Job demands, job resources, and their relationship with burnout and engagement: a multi‐sample study , 2004 .

[15]  Qing Hu,et al.  Does deterrence work in reducing information security policy abuse by employees? , 2011, Commun. ACM.

[16]  G. Paré Investigating Information Systems with Positivist Case Study Research , 2004 .

[17]  Keshnee Padayachee,et al.  Taxonomy of compliant information security behavior , 2012, Comput. Secur..

[18]  David F. Champion,et al.  Maslach Burnout Inventory , 1984 .

[19]  Georg F. Bauer,et al.  Bridging Occupational, Organizational and Public Health: A Transdisciplinary Approach , 2013 .

[20]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[21]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[22]  Tejaswini Herath,et al.  Understanding Employee Responses to Stressful Information Security Requirements: A Coping Perspective , 2014, J. Manag. Inf. Syst..

[23]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[24]  Jean Hartley,et al.  Case study research , 2004 .

[25]  Gurpreet Dhillon,et al.  Value‐focused assessment of information system security in organizations , 2006, Inf. Syst. J..

[26]  R. Yin Case Study Research: Design and Methods , 1984 .

[27]  Philip E. T. Lewis,et al.  Research Methods for Business Students , 2006 .

[28]  Mikko T. Siponen,et al.  IS Security Policy Violations: A Rational Choice Perspective , 2012, J. Organ. End User Comput..

[29]  Princely Ifinedo,et al.  Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory , 2012, Comput. Secur..

[30]  Hock-Hai Teo,et al.  An integrative study of information systems security effectiveness , 2003, Int. J. Inf. Manag..

[31]  A. Bakker,et al.  The job demands-resources model : state of the art , 2007 .

[32]  Marc Dussault,et al.  How do job characteristics contribute to burnout? Exploring the distinct mediating roles of perceived autonomy, competence, and relatedness , 2013 .

[33]  Marcus A. Butavicius,et al.  Human Factors and Information Security: Individual, Culture and Security Environment , 2010 .

[34]  Saman Asadi Value focused assessment of information system security , 2014 .

[35]  Eean R. Crawford,et al.  Linking job demands and resources to employee engagement and burnout: a theoretical extension and meta-analytic test. , 2010, The Journal of applied psychology.

[36]  Toon W. Taris,et al.  A Critical Review of the Job Demands-Resources Model: Implications for Improving Work and Health , 2014 .

[37]  Guy Paré,et al.  Investigating Information Systems with Positivist Case Research , 2004, Commun. Assoc. Inf. Syst..

[38]  Anat Hovav,et al.  Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea , 2012, Inf. Manag..

[39]  増田 真也,et al.  バーンアウト測定尺度 Maslach Burnout Inventory-General Survey(MBI-GS)の概要と日本版について , 2011 .