Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1111/isj.12043
- Scopus: eid_2-s2.0-84937032387
- WOS: WOS:000358125700002
Article: Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies
Title | Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies |
---|---|
Authors | |
Keywords | Compliance; Information security policies; Organisation security; Reactance; Reactance theory; Control theory |
Issue Date | 2015 |
Citation | Information Systems Journal, 2015, v. 25, n. 5, p. 433-463 |
Abstract | © 2014 Wiley Publishing Ltd. Organisations increasingly rely on information and related systems, which are also a source of risk. Unfortunately, employees represent the greatest risk to organisational information because they are the most frequent source of information security breaches. To address this 'weak link' in organisational security, most organisations have strict information security policies (ISPs) designed to thwart employee information abuses. Regrettably, these ISPs are only partially effective because employees often ignore them, circumvent them or even do the opposite of what management desires. Research on attempts to increase ISP compliance has produced similarly mixed results. Lack of compliance with ISPs is a widespread organisational issue that increasingly bears disproportionately large direct and qualitative costs that undermine strategy. Consequently, the purpose of our study was to contribute to the understanding of both motivations to comply with new ISPs and motivations to react negatively against them. To do so, we proposed an innovative model, the control-reactance compliance model (CRCM), which combines organisational control theory - a model that explains ISP compliance - with reactance theory - a model used to explain ISP noncompliance. To test CRCM, we used a sample of 320 working professionals in a variety of industries to examine the likely organisational outcomes of the delivery of a new ISP to employees in the form of a typical memo sent throughout an organisation. We largely found support for CRCM, and this study concludes with an explanation of the model's contributions to research and practice related to organisational ISP compliance. |
Persistent Identifier | http://hdl.handle.net/10722/233853 |
ISSN | 2023 Impact Factor: 6.5; 2023 SCImago Journal Rankings: 2.768 |
ISI Accession Number ID |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lowry, Paul Benjamin | - |
dc.contributor.author | Moody, Gregory D. | - |
dc.date.accessioned | 2016-09-27T07:21:49Z | - |
dc.date.available | 2016-09-27T07:21:49Z | - |
dc.date.issued | 2015 | - |
dc.identifier.citation | Information Systems Journal, 2015, v. 25, n. 5, p. 433-463 | - |
dc.identifier.issn | 1350-1917 | - |
dc.identifier.uri | http://hdl.handle.net/10722/233853 | - |
dc.description.abstract | © 2014 Wiley Publishing Ltd. Organisations increasingly rely on information and related systems, which are also a source of risk. Unfortunately, employees represent the greatest risk to organisational information because they are the most frequent source of information security breaches. To address this 'weak link' in organisational security, most organisations have strict information security policies (ISPs) designed to thwart employee information abuses. Regrettably, these ISPs are only partially effective because employees often ignore them, circumvent them or even do the opposite of what management desires. Research on attempts to increase ISP compliance has produced similarly mixed results. Lack of compliance with ISPs is a widespread organisational issue that increasingly bears disproportionately large direct and qualitative costs that undermine strategy. Consequently, the purpose of our study was to contribute to the understanding of both motivations to comply with new ISPs and motivations to react negatively against them. To do so, we proposed an innovative model, the control-reactance compliance model (CRCM), which combines organisational control theory - a model that explains ISP compliance - with reactance theory - a model used to explain ISP noncompliance. To test CRCM, we used a sample of 320 working professionals in a variety of industries to examine the likely organisational outcomes of the delivery of a new ISP to employees in the form of a typical memo sent throughout an organisation. We largely found support for CRCM, and this study concludes with an explanation of the model's contributions to research and practice related to organisational ISP compliance. | - |
dc.language | eng | - |
dc.relation.ispartof | Information Systems Journal | - |
dc.subject | Compliance | - |
dc.subject | Information security policies | - |
dc.subject | Organisation security | - |
dc.subject | Reactance | - |
dc.subject | Reactance theory | - |
dc.subject | Control theory | - |
dc.title | Proposing the control-reactance compliance model (CRCM) to explain opposing motivations to comply with organisational information security policies | - |
dc.type | Article | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1111/isj.12043 | - |
dc.identifier.scopus | eid_2-s2.0-84937032387 | - |
dc.identifier.volume | 25 | - |
dc.identifier.issue | 5 | - |
dc.identifier.spage | 433 | - |
dc.identifier.epage | 463 | - |
dc.identifier.eissn | 1365-2575 | - |
dc.identifier.isi | WOS:000358125700002 | - |
dc.identifier.issnl | 1350-1917 | - |