File Download

There are no files associated with this item.

  Links for fulltext
     (May Require Subscription)
Supplementary

Article: The role of extra-role behaviors and social controls in information security policy effectiveness

TitleThe role of extra-role behaviors and social controls in information security policy effectiveness
Authors
KeywordsInformation security policy
IS security
ISP
Organizations
SCT
Security management
Social control
Social control theory
Behavioral security
Extra-role behaviors
Formal control
In-role behaviors
Issue Date2015
Citation
Information Systems Research, 2015, v. 26, n. 2, p. 282-300 How to Cite?
Abstract© 2015 INFORMS.Although most behavioral security studies focus on organizational in-role behaviors such as information security policy (ISP) compliance, the role of organizational extra-role behaviors-security behaviors that benefit organizations but are not specified in ISPs-has long been overlooked. This study examines (1) the consequences of organizational in-role and extra-role security behaviors on the effectiveness of ISPs and (2) the role of formal and social controls in enhancing in-role and extra-role security behaviors in organizations. We propose that both in-role security behaviors and extra-role security behaviors contribute to ISP effectiveness. Furthermore, based on social control theory, we hypothesize that social control can boost both in- and extrarole security behaviors. Data collected from practitioners-including information systems (IS) managers and employees at many organizations-confirmed most of our hypotheses. Survey data from IS managers substantiated the importance of extra-role behaviors in improving ISP effectiveness. Paired data, collected from managers and employees in the same organizations, indicated that formal control and social control individually and interactively enhance both in- and extra-role security behaviors. We conclude by discussing the implications of this research for academics and practitioners, along with compelling future research possibilities.
Persistent Identifierhttp://hdl.handle.net/10722/233868
ISSN
2015 Impact Factor: 3.047
2015 SCImago Journal Rankings: 4.397

 

DC FieldValueLanguage
dc.contributor.authorHsu, Jack Shih Chieh-
dc.contributor.authorShih, Sheng Pao-
dc.contributor.authorHung, Yu Wen-
dc.contributor.authorLowry, Paul Benjamin-
dc.date.accessioned2016-09-27T07:21:51Z-
dc.date.available2016-09-27T07:21:51Z-
dc.date.issued2015-
dc.identifier.citationInformation Systems Research, 2015, v. 26, n. 2, p. 282-300-
dc.identifier.issn1047-7047-
dc.identifier.urihttp://hdl.handle.net/10722/233868-
dc.description.abstract© 2015 INFORMS.Although most behavioral security studies focus on organizational in-role behaviors such as information security policy (ISP) compliance, the role of organizational extra-role behaviors-security behaviors that benefit organizations but are not specified in ISPs-has long been overlooked. This study examines (1) the consequences of organizational in-role and extra-role security behaviors on the effectiveness of ISPs and (2) the role of formal and social controls in enhancing in-role and extra-role security behaviors in organizations. We propose that both in-role security behaviors and extra-role security behaviors contribute to ISP effectiveness. Furthermore, based on social control theory, we hypothesize that social control can boost both in- and extrarole security behaviors. Data collected from practitioners-including information systems (IS) managers and employees at many organizations-confirmed most of our hypotheses. Survey data from IS managers substantiated the importance of extra-role behaviors in improving ISP effectiveness. Paired data, collected from managers and employees in the same organizations, indicated that formal control and social control individually and interactively enhance both in- and extra-role security behaviors. We conclude by discussing the implications of this research for academics and practitioners, along with compelling future research possibilities.-
dc.languageeng-
dc.relation.ispartofInformation Systems Research-
dc.subjectInformation security policy-
dc.subjectIS security-
dc.subjectISP-
dc.subjectOrganizations-
dc.subjectSCT-
dc.subjectSecurity management-
dc.subjectSocial control-
dc.subjectSocial control theory-
dc.subjectBehavioral security-
dc.subjectExtra-role behaviors-
dc.subjectFormal control-
dc.subjectIn-role behaviors-
dc.titleThe role of extra-role behaviors and social controls in information security policy effectiveness-
dc.typeArticle-
dc.description.natureLink_to_subscribed_fulltext-
dc.identifier.doi10.1287/isre.2015.0569-
dc.identifier.scopuseid_2-s2.0-84957019962-
dc.identifier.volume26-
dc.identifier.issue2-
dc.identifier.spage282-
dc.identifier.epage300-
dc.identifier.eissn1526-5536-

Export via OAI-PMH Interface in XML Formats


OR


Export to Other Non-XML Formats