File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Article: Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies

TitleProposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies
Authors
KeywordsCompliance
Information security policies
Organisation security
Reactance
Reactance theory
Control theory
Issue Date2015
Citation
Information Systems Journal, 2015, v. 25, n. 5, p. 433-463 How to Cite?
Abstract© 2014 Wiley Publishing Ltd.Organisations increasingly rely on information and related systems, which are also a source of risk. Unfortunately, employees represent the greatest risk to organisational information because they are the most frequent source of information security breaches. To address this 'weak link' in organisational security, most organisations have strict information security policies (ISPs) designed to thwart employee information abuses. Regrettably, these ISPs are only partially effective because employees often ignore them, circumvent them or even do the opposite of what management desires. Research on attempts to increase ISP compliance has produced similarly mixed results. Lack of compliance with ISPs is a widespread organisational issue that increasingly bears disproportionately large direct and qualitative costs that undermine strategy. Consequently, the purpose of our study was to contribute to the understanding of both motivations to comply with new ISPs and motivations to react negatively against them. To do so, we proposed an innovative model, the control-reactance compliance model (CRCM), which combines organisational control theory - a model that explains ISP compliance - with reactance theory - a model used to explain ISP noncompliance. To test CRCM, we used a sample of 320 working professionals in a variety of industries to examine the likely organisational outcomes of the delivery of a new ISP to employees in the form of a typical memo sent throughout an organisation. We largely found support for CRCM, and this study concludes with an explanation of the model's contributions to research and practice related to organisational ISP compliance.
Persistent Identifierhttp://hdl.handle.net/10722/233853
ISSN
2015 Impact Factor: 2.522
2015 SCImago Journal Rankings: 1.575

 

DC FieldValueLanguage
dc.contributor.authorLowry, Paul Benjamin-
dc.contributor.authorMoody, Gregory D.-
dc.date.accessioned2016-09-27T07:21:49Z-
dc.date.available2016-09-27T07:21:49Z-
dc.date.issued2015-
dc.identifier.citationInformation Systems Journal, 2015, v. 25, n. 5, p. 433-463-
dc.identifier.issn1350-1917-
dc.identifier.urihttp://hdl.handle.net/10722/233853-
dc.description.abstract© 2014 Wiley Publishing Ltd.Organisations increasingly rely on information and related systems, which are also a source of risk. Unfortunately, employees represent the greatest risk to organisational information because they are the most frequent source of information security breaches. To address this 'weak link' in organisational security, most organisations have strict information security policies (ISPs) designed to thwart employee information abuses. Regrettably, these ISPs are only partially effective because employees often ignore them, circumvent them or even do the opposite of what management desires. Research on attempts to increase ISP compliance has produced similarly mixed results. Lack of compliance with ISPs is a widespread organisational issue that increasingly bears disproportionately large direct and qualitative costs that undermine strategy. Consequently, the purpose of our study was to contribute to the understanding of both motivations to comply with new ISPs and motivations to react negatively against them. To do so, we proposed an innovative model, the control-reactance compliance model (CRCM), which combines organisational control theory - a model that explains ISP compliance - with reactance theory - a model used to explain ISP noncompliance. To test CRCM, we used a sample of 320 working professionals in a variety of industries to examine the likely organisational outcomes of the delivery of a new ISP to employees in the form of a typical memo sent throughout an organisation. We largely found support for CRCM, and this study concludes with an explanation of the model's contributions to research and practice related to organisational ISP compliance.-
dc.languageeng-
dc.relation.ispartofInformation Systems Journal-
dc.subjectCompliance-
dc.subjectInformation security policies-
dc.subjectOrganisation security-
dc.subjectReactance-
dc.subjectReactance theory-
dc.subjectControl theory-
dc.titleProposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies-
dc.typeArticle-
dc.description.natureLink_to_subscribed_fulltext-
dc.identifier.doi10.1111/isj.12043-
dc.identifier.scopuseid_2-s2.0-84937032387-
dc.identifier.volume25-
dc.identifier.issue5-
dc.identifier.spage433-
dc.identifier.epage463-
dc.identifier.eissn1365-2575-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats