An integrative model of information security policy compliance with psychological contract: Examining a bilateral perspective

Psychological contract fulfillment is integrated into ISP compliance research model.The difference between supervisor and supervisee groups was found in the integrated model.The mediating effect of psychological contract fulfillment exists in the supervisor group.Employees anticipate to comply with ISP when they recognize the benefits of ISP compliance. Organizations are trying to induce employees to comply with information security policy (ISP) as organizational damage of information breach incidents gets serious. Many previous approaches to ISP compliance have focused on security technologies. However, researchers in this area agree that technology approach is not sufficient so that other approaches such as behavioral and social are required. This study suggests the integrated research model including ISP compliance antecedents and psychological contract fulfillment. The study investigates the mediating effect of psychological contract fulfillment between perceived costs and ISP compliance intention comparing supervisor and supervisee groups. The results show that psychological contract fulfillment can mitigate the negative effect of costs on ISP compliance intention in supervisor group. Employees also anticipate complying with ISP when they recognize the benefits of ISP compliance. This study could shed more lights on the ISP compliance area by integrating and examining ISP compliance research model with psychological contract as a social factor.

[1]  Tero Vartiainen,et al.  What levels of moral reasoning and values explain adherence to information security rules? An empirical study , 2009, Eur. J. Inf. Syst..

[2]  Jill R. Kickul,et al.  Broken Promises: Equity Sensitivity as a Moderator Between Psychological Contract Breach and Employee Attitudes and Behavior , 2001 .

[3]  R. Liden,et al.  Perceived Organizational Support And Leader-Member Exchange: A Social Exchange Perspective , 1997 .

[4]  Denise M. Rousseau,et al.  New hire perceptions of their own and their employer's obligations: A study of psychological contracts , 1990 .

[5]  Neil Conway,et al.  The reciprocal relationship between psychological contract fulfilment and employee performance and the moderating role of perceived organizational support and tenure , 2012 .

[6]  Humayun Zafar,et al.  Current State of Information Security Research In IS , 2009, Commun. Assoc. Inf. Syst..

[7]  Gregory A. Witte,et al.  Framework for Improving Critical Infrastructure Cybersecurity | NIST , 2014 .

[8]  Michael D. Wybo,et al.  Protecting Organizational Information Resources , 1989 .

[9]  M. Breitner,et al.  Information security awareness and behavior: a theory-based literature review , 2014 .

[10]  R. Paternoster,et al.  Rational Choice, Agency and Thoughtfully Reflective Decision Making: The Short and Long-Term Consequences of Making Good Choices , 2009 .

[11]  B. McCarthy NEW ECONOMICS OF SOCIOLOGICAL CRIMINOLOGY , 2002 .

[12]  Mo Adam Mahmood,et al.  Employees' Behavior towards IS Security Policy Compliance , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[13]  H. Raghav Rao,et al.  Protection motivation and deterrence: a framework for security policy compliance in organisations , 2009, Eur. J. Inf. Syst..

[14]  Lars P. Feld,et al.  Tax Compliance as the Result of a Psychological Tax Contract: The Role of Incentives and Responsive Regulation , 2006 .

[15]  Detmar W. Straub,et al.  Coping With Systems Risk: Security Planning Models for Management Decision Making , 1998, MIS Q..

[16]  Chris Maser,et al.  The Reciprocal Relationship between Land and Sea , 2014 .

[17]  Scott W. Lester,et al.  The Impact of Psychological Contract Fulfillment on the Performance of In-Role and Organizational Citizenship Behaviors , 2003 .

[18]  L. Shore,et al.  Examining degree of balance and level of obligation in the employment relationship: a social exchange approach , 1998 .

[19]  E. Morrison,et al.  WHEN EMPLOYEES FEEL BETRAYED: A MODEL OF HOW PSYCHOLOGICAL CONTRACT VIOLATION DEVELOPS , 1997 .

[20]  Dennis F. Galletta,et al.  User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach , 2009, Inf. Syst. Res..

[21]  Qing Hu,et al.  Future directions for behavioral information security research , 2013, Comput. Secur..

[22]  Wynne W. Chin,et al.  A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and an Electronic - Mail Emotion/Adoption Study , 2003, Inf. Syst. Res..

[23]  Neil Anderson,et al.  Changes in newcomers' psychological contracts during organizational socialization: a study of recruits entering the British Army , 1998 .

[24]  Mikko T. Siponen,et al.  Motivating IS security compliance: Insights from Habit and Protection Motivation Theory , 2012, Inf. Manag..

[25]  James C. Anderson,et al.  STRUCTURAL EQUATION MODELING IN PRACTICE: A REVIEW AND RECOMMENDED TWO-STEP APPROACH , 1988 .

[26]  Detmar W. Straub,et al.  Security lapses and the omission of information security measures: A threat control model and empirical test , 2008, Comput. Hum. Behav..

[27]  Tom R. Tyler,et al.  Can Businesses Effectively Regulate Employee Conduct? The Antecedents of Rule Following in Work Settings , 2005 .

[28]  Izak Benbasat,et al.  Roles of Information Security Awareness and Perceived Fairness in Information Security Policy Compliance , 2009, AMCIS.

[29]  Kristopher J Preacher,et al.  Asymptotic and resampling strategies for assessing and comparing indirect effects in multiple mediator models , 2008, Behavior research methods.

[30]  Anat Hovav,et al.  Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South Korea , 2012, Inf. Manag..

[31]  Barack Obama,et al.  Statement on the Release of the 'Framework for Improving Critical Infrastructure Cybersecurity' by the National Institute of Standards and Technology, February 12, 2014 , 2014 .

[32]  T. Tyler Why People Obey the Law , 2021 .

[33]  G. Homans,et al.  Social Behavior: Its Elementary Forms. , 1961 .

[34]  Jae-Shin Lee,et al.  Optimistic bias about online privacy risks: Testing the moderating effects of perceived controllability and prior experience , 2010, Comput. Hum. Behav..

[35]  R. Paternoster,et al.  Sanction threats and appeals to morality : Testing a rational choice model of corporate crime , 1996 .

[36]  Rathindra Sarathy,et al.  Understanding compliance with internet use policy from the perspective of rational choice theory , 2010, Decis. Support Syst..

[37]  Detmar W. Straub,et al.  Validating Instruments in MIS Research , 1989, MIS Q..

[38]  A. D. De Lange,et al.  Psychological contract breach and job attitudes: A meta-analysis of age as a moderator , 2008 .

[39]  Younghwa Lee,et al.  Understanding anti-plagiarism software adoption: An extended protection motivation theory perspective , 2011, Decis. Support Syst..

[40]  Alfred Kobsa,et al.  The effect of personalization provider characteristics on privacy attitudes and behaviors: An Elaboration Likelihood Model approach , 2016, J. Assoc. Inf. Sci. Technol..

[41]  D. Rousseau Psychological contracts in organizations : understanding written and unwritten agreements , 1995 .

[42]  C. Fornell,et al.  Evaluating structural equation models with unobservable variables and measurement error. , 1981 .

[43]  Rolph E. Anderson,et al.  Multivariate data analysis with readings (2nd ed.) , 1986 .

[44]  Izak Benbasat,et al.  Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness , 2010, MIS Q..

[45]  Detmar W. Straub,et al.  Information Security: Policy, Processes, and Practices , 2008 .

[46]  Thomas W. H. Ng,et al.  Age, work experience, and the psychological contract , 2009 .

[47]  Tamara Dinev,et al.  Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture , 2012, Decis. Sci..

[48]  A. Tversky,et al.  Rational choice and the framing of decisions , 1990 .

[49]  Anthony M. Townsend,et al.  Information Systems Security and the Need for Policy , 2001 .

[50]  Rémi Jardat,et al.  Psychological Contracts in Organizations Understanding Written and Unwritten Agreements , 2011 .

[51]  Michael E. Whitman,et al.  In defense of the realm: understanding the threats to information security , 2004, Int. J. Inf. Manag..

[52]  Hao Zhao,et al.  THE IMPACT OF PSYCHOLOGICAL CONTRACT BREACH ON WORK‐RELATED OUTCOMES: A META‐ANALYSIS , 2007 .

[53]  Princely Ifinedo,et al.  Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory , 2012, Comput. Secur..

[54]  John P. Kotter,et al.  The Psychological Contract: Managing the Joining-up Process , 1973 .

[55]  Steven Furnell,et al.  Information security policy compliance model in organizations , 2016, Comput. Secur..

[56]  Jintae Lee,et al.  A holistic model of computer abuse within organizations , 2002, Inf. Manag. Comput. Secur..

[57]  Wynne W. Chin,et al.  A Partial Least Squares Latent Variable Modeling Approach for Measuring Interaction Effects: Results from a Monte Carlo Simulation Study and Voice Mail Emotion/Adoption Study , 1996, ICIS.

[58]  Wynne W. Chin The partial least squares approach for structural equation modeling. , 1998 .

[59]  Michael R. Mullen Diagnosing Measurement Equivalence in Cross-National Research , 1995 .

[60]  Edward L. Deci,et al.  Intrinsic Motivation and Self-Determination in Human Behavior , 1975, Perspectives in Social Psychology.