File Download
There are no files associated with this item.
Links for fulltext
(May Require Subscription)
- Publisher Website: 10.1287/isre.2015.0569
- Scopus: eid_2-s2.0-84957019962
- WOS: WOS:000356605700003
- Find via
Supplementary
- Citations:
- Appears in Collections:
Article: The role of extra-role behaviors and social controls in information security policy effectiveness
Title | The role of extra-role behaviors and social controls in information security policy effectiveness |
---|---|
Authors | |
Keywords | Information security policy IS security ISP Organizations SCT Security management Social control Social control theory Behavioral security Extra-role behaviors Formal control In-role behaviors |
Issue Date | 2015 |
Citation | Information Systems Research, 2015, v. 26, n. 2, p. 282-300 How to Cite? |
Abstract | © 2015 INFORMS.Although most behavioral security studies focus on organizational in-role behaviors such as information security policy (ISP) compliance, the role of organizational extra-role behaviors-security behaviors that benefit organizations but are not specified in ISPs-has long been overlooked. This study examines (1) the consequences of organizational in-role and extra-role security behaviors on the effectiveness of ISPs and (2) the role of formal and social controls in enhancing in-role and extra-role security behaviors in organizations. We propose that both in-role security behaviors and extra-role security behaviors contribute to ISP effectiveness. Furthermore, based on social control theory, we hypothesize that social control can boost both in- and extrarole security behaviors. Data collected from practitioners-including information systems (IS) managers and employees at many organizations-confirmed most of our hypotheses. Survey data from IS managers substantiated the importance of extra-role behaviors in improving ISP effectiveness. Paired data, collected from managers and employees in the same organizations, indicated that formal control and social control individually and interactively enhance both in- and extra-role security behaviors. We conclude by discussing the implications of this research for academics and practitioners, along with compelling future research possibilities. |
Persistent Identifier | http://hdl.handle.net/10722/233868 |
ISSN | 2023 Impact Factor: 5.0 2023 SCImago Journal Rankings: 4.176 |
ISI Accession Number ID |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Hsu, Jack Shih Chieh | - |
dc.contributor.author | Shih, Sheng Pao | - |
dc.contributor.author | Hung, Yu Wen | - |
dc.contributor.author | Lowry, Paul Benjamin | - |
dc.date.accessioned | 2016-09-27T07:21:51Z | - |
dc.date.available | 2016-09-27T07:21:51Z | - |
dc.date.issued | 2015 | - |
dc.identifier.citation | Information Systems Research, 2015, v. 26, n. 2, p. 282-300 | - |
dc.identifier.issn | 1047-7047 | - |
dc.identifier.uri | http://hdl.handle.net/10722/233868 | - |
dc.description.abstract | © 2015 INFORMS.Although most behavioral security studies focus on organizational in-role behaviors such as information security policy (ISP) compliance, the role of organizational extra-role behaviors-security behaviors that benefit organizations but are not specified in ISPs-has long been overlooked. This study examines (1) the consequences of organizational in-role and extra-role security behaviors on the effectiveness of ISPs and (2) the role of formal and social controls in enhancing in-role and extra-role security behaviors in organizations. We propose that both in-role security behaviors and extra-role security behaviors contribute to ISP effectiveness. Furthermore, based on social control theory, we hypothesize that social control can boost both in- and extrarole security behaviors. Data collected from practitioners-including information systems (IS) managers and employees at many organizations-confirmed most of our hypotheses. Survey data from IS managers substantiated the importance of extra-role behaviors in improving ISP effectiveness. Paired data, collected from managers and employees in the same organizations, indicated that formal control and social control individually and interactively enhance both in- and extra-role security behaviors. We conclude by discussing the implications of this research for academics and practitioners, along with compelling future research possibilities. | - |
dc.language | eng | - |
dc.relation.ispartof | Information Systems Research | - |
dc.subject | Information security policy | - |
dc.subject | IS security | - |
dc.subject | ISP | - |
dc.subject | Organizations | - |
dc.subject | SCT | - |
dc.subject | Security management | - |
dc.subject | Social control | - |
dc.subject | Social control theory | - |
dc.subject | Behavioral security | - |
dc.subject | Extra-role behaviors | - |
dc.subject | Formal control | - |
dc.subject | In-role behaviors | - |
dc.title | The role of extra-role behaviors and social controls in information security policy effectiveness | - |
dc.type | Article | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1287/isre.2015.0569 | - |
dc.identifier.scopus | eid_2-s2.0-84957019962 | - |
dc.identifier.volume | 26 | - |
dc.identifier.issue | 2 | - |
dc.identifier.spage | 282 | - |
dc.identifier.epage | 300 | - |
dc.identifier.eissn | 1526-5536 | - |
dc.identifier.isi | WOS:000356605700003 | - |
dc.identifier.issnl | 1047-7047 | - |