The Mediating Role of Psychological Empowerment in Information Security Compliance Intentions

The issue of employee noncompliance with information security policies is universal. Noncompliance increases the possibility of invasive information security threats, which can result in compromised organizational assets. Although research has empirically revealed a relationship between structural empowerment and employee intention to comply with information security policies, the mediating role of psychological empowerment in the relationship has received limited attention. This study conceptualizes the role of psychological empowerment as a mediator between structural empowerment and the intention to comply with information security policy. It suggests that empowerment work structures, which include information security education, training, and awareness (SETA), access to information security strategic goals, and participation in information security decision-making all increase employees’ feelings of being psychologically empowered, which consequently leads to positive intentions to comply with information security policy.

[1]  Pia Heilmann,et al.  Agile HRM practices of SMEs , 2020 .

[2]  Lori N. K. Leonard,et al.  The Influence of Employee Affective Organizational Commitment on Security Policy Attitudes and Compliance Intentions , 2015 .

[3]  Latifa Ben Arfa Rabai,et al.  Classification of Security Threats in Information Systems , 2014, ANT/SEIT.

[4]  Kuang-Wei Wen,et al.  Organizations' Information Security Policy Compliance: Stick or Carrot Approach? , 2012, J. Manag. Inf. Syst..

[5]  Yufei Yuan,et al.  The effects of multilevel sanctions on information security violations: A mediating model , 2012, Inf. Manag..

[6]  Keshnee Padayachee,et al.  Taxonomy of compliant information security behavior , 2012, Comput. Secur..

[7]  Boris Groysberg,et al.  Leadership is a conversation. , 2012, Harvard business review.

[8]  J. Mathieu,et al.  Empowerment—Fad or Fab? A Multilevel Review of the Past Two Decades of Research , 2012 .

[9]  Jai-Yeol Son,et al.  Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies , 2011, Inf. Manag..

[10]  Catherine E. Connelly,et al.  Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model , 2011, J. Manag. Inf. Syst..

[11]  S. Courtright,et al.  Antecedents and consequences of psychological and team empowerment in organizations: a meta-analytic review. , 2011, The Journal of applied psychology.

[12]  Ping Zhang,et al.  Effects of Empowerment on Performance in Open-Source Software Projects , 2011, IEEE Transactions on Engineering Management.

[13]  R. Kline Principles and practice of structural equation modeling, 3rd ed. , 2011 .

[14]  Sandra G. Leggat,et al.  Does psychological empowerment mediate the relationship between high performance work systems and patient care quality in hospitals , 2010 .

[15]  Henri Barki,et al.  User Participation in Information Systems Security Risk Management , 2010, MIS Q..

[16]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[17]  Ritu Agarwal,et al.  Practicing Safe Computing: A Multimedia Empirical Examination of Home Computer User Security Behavioral Intentions , 2010, MIS Q..

[18]  Young U. Ryu,et al.  Self-efficacy in information security: Its influence on end users' information security practice behavior , 2009, Comput. Secur..

[19]  Tejaswini Herath,et al.  Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectiveness , 2009, Decis. Support Syst..

[20]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[21]  Laurie J. Kirsch,et al.  If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security , 2009, Eur. J. Inf. Syst..

[22]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[23]  David P. Lepak,et al.  Do they see eye to eye? Management and employee perspectives of high-performance work systems and influence processes on service quality. , 2009, The Journal of applied psychology.

[24]  Rolph E. Anderson,et al.  Multivariate Data Analysis (7th ed. , 2009 .

[25]  I. Mann Hacking the Human: Social Engineering Techniques and Security Countermeasures , 2008 .

[26]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[27]  Kristopher J Preacher,et al.  Asymptotic and resampling strategies for assessing and comparing indirect effects in multiple mediator models , 2008, Behavior research methods.

[28]  G. Dhillon,et al.  An Analysis of Information Security Governance Structures : the Case of Société Générale Bank , 2008 .

[29]  D. Ganster,et al.  The Effects of Empowerment on Attitudes and Performance: The Role of Social Support and Empowerment Beliefs , 2007 .

[30]  Eirik Albrechtsen,et al.  A qualitative study of users' view on information security , 2007, Comput. Secur..

[31]  Mikko T. Siponen,et al.  Which Factors Explain Employees' Adherence to Information Security Policies? An Empirical Study , 2007, PACIS.

[32]  Bradley L. Kirkman,et al.  Taking Stock: A review of more than twenty years of research on empowerment at work , 2007 .

[33]  V. Sridhar,et al.  Challenges in Managing Information Security in Academic Institutions: Case of MDI in India , 2007 .

[34]  H. J. Frank About the authors , 2021, Gov. Inf. Q..

[35]  Roger B. Rensvold,et al.  An interactional perspective on perceived empowerment: the role of personal needs and task context , 2006 .

[36]  Margaret A. Shaffer,et al.  Equity and relationship quality influences on organizational citizenship behaviors: The mediating role of trust in the supervisor and empowerment , 2005 .

[37]  Irene M. Y. Woon,et al.  Forthcoming: Journal of Information Privacy and Security , 2022 .

[38]  Sharon Perez Case Study: The Case of a Computer Hack , 2005 .

[39]  Gurpreet Dhillon,et al.  Computer crime at CEFORMA: a case study , 2004, Int. J. Inf. Manag..

[40]  John Leach,et al.  Improving user security behaviour , 2003, Comput. Secur..

[41]  Richard J. Klimoski,et al.  The Impact Of Expectations On Newcomer Performance In Teams As Mediated By Work Characteristics, Social Exchanges, And Empowerment , 2003 .

[42]  P. Shrout,et al.  Mediation in experimental and nonexperimental studies: new procedures and recommendations. , 2002, Psychological methods.

[43]  R. P. McDonald,et al.  Principles and practice in reporting structural equation analyses. , 2002, Psychological methods.

[44]  Piotr Wilk,et al.  Impact of Structural and Psychological Empowerment on Job Strain in Nursing Work Settings: Expanding Kanter’s Model , 2001, The Journal of nursing administration.

[45]  Gurpreet Dhillon,et al.  Refereed Papers: Violation of Safeguards by Trusted Personnel and Understanding Related Information Security Concerns , 2001 .

[46]  B. Byrne Structural equation modeling with EQS : basic concepts, applications, and programming , 2000 .

[47]  Elizabeth M. Weiss,et al.  Electronic monitoring in their own words: an exploratory study of employees' experiences with new types of surveillance , 2000 .

[48]  Detmar W. Straub,et al.  Structural Equation Modeling and Regression: Guidelines for Research Practice , 2000, Commun. Assoc. Inf. Syst..

[49]  Maria L. Kraimer,et al.  Psychological Empowerment as a Multidimensional Construct: A Test of Construct Validity , 1999 .

[50]  P. Bentler,et al.  Cutoff criteria for fit indexes in covariance structure analysis : Conventional criteria versus new alternatives , 1999 .

[51]  Stephen W. Nason,et al.  A Dimensional Analysis of the Relationship between Psychological Empowerment and Effectiveness Satisfaction, and Strain , 1997 .

[52]  G. Spreitzer,et al.  The road to empowerment: Seven questions every leader should consider , 1997 .

[53]  G. Spreitzer Social structural characteristics of psychological empowerment , 1996 .

[54]  R. Murray,et al.  An Empirical Study of Empowerment in the Workplace , 1996 .

[55]  James Backhouse,et al.  Structures of responsibility and security of information systems , 1996 .

[56]  H. Laschinger,et al.  A theoretical approach to studying work empowerment in nursing: a review of studies testing Kanter's theory of structural power in organizations. , 1996, Nursing administration quarterly.

[57]  G. Spreitzer An empirical test of a comprehensive model of intrapersonal empowerment in the workplace , 1995, American journal of community psychology.

[58]  G. Spreitzer PSYCHOLOGICAL EMPOWERMENT IN THE WORKPLACE: DIMENSIONS, MEASUREMENT, AND VALIDATION , 1995 .

[59]  Robert Knoop,et al.  Influence of Participative Decision-Making on Job Satisfaction and Organizational Commitment of School Principals , 1995 .

[60]  Eliezer Geisler,et al.  The Technology Payoff: How to Profit with Empowered Workers in the Information Age , 1994 .

[61]  Helen Nissenbaum,et al.  Computing and accountability , 1994, CACM.

[62]  Marilyn E. Gist,et al.  Self-Efficacy: A Theoretical Analysis of Its Determinants and Malleability , 1992 .

[63]  E. Lawler,et al.  The empowerment of service workers: what, why, how, and when. , 1992, Sloan management review.

[64]  K. Thomas,et al.  Cognitive Elements of Empowerment: An “Interpretive” Model of Intrinsic Task Motivation , 1990 .

[65]  Detmar W. Straub,et al.  Effective IS Security: An Empirical Study , 1990, Inf. Syst. Res..

[66]  S. Zedeck High-Involvement Management. , 1989 .

[67]  R. N. Kanungo,et al.  The Empowerment Process: Integrating Theory and Practice , 1988 .

[68]  James C. Anderson,et al.  STRUCTURAL EQUATION MODELING IN PRACTICE: A REVIEW AND RECOMMENDED TWO-STEP APPROACH , 1988 .

[69]  D. Vollrath,et al.  Employee Participation: Diverse Forms and Different Outcomes , 1988 .

[70]  Steven C. Ross,et al.  High-Involvement Management: Participative Strategies for Improving Organizational Performance , 1987 .

[71]  H. P. Sims,et al.  Leading Workers to Lead Themselves: The External Leadership of Self-Managing Work Teams. , 1987 .

[72]  George B. Graen,et al.  When managers decide not to decide autocratically: An investigation of leader–member exchange and decision influence. , 1986 .

[73]  M. Sobel Some New Results on Indirect Effects and Their Standard Errors in Covariance Structure Models , 1986 .

[74]  Edward L. Deci,et al.  Intrinsic Motivation and Self-Determination in Human Behavior , 1975, Perspectives in Social Psychology.

[75]  M. Sobel Asymptotic Confidence Intervals for Indirect Effects in Structural Equation Models , 1982 .

[76]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[77]  R. Sitgreaves Psychometric theory (2nd ed.). , 1979 .

[78]  Mary Anne Devanna Men and Women of the Corporation , 1978 .

[79]  A. Bandura Self-efficacy: toward a unifying theory of behavioral change. , 1977, Psychological review.