Information Security Policy Compliance: An Empirical Study on Escalation of Commitment
2013 (English)In: 19th Americas Conference on Information Systems (AMCIS 2013): Hyperconnected World : Anything Anywhere, Anytime, Red Hook, N.Y.: Curran Associates, Inc., 2013, p. 2011-2020Conference paper, Published paper (Refereed)
Abstract [en]
This study aims to facilitate a new understanding on employees’ attitude towards compliance with the requirements of their information security policy (ISPs) through the lens of escalation. Escalation presents a situation in which employees must decide whether to persist in or withdraw from a non-performing task. Drawing on the Theory of Planned Behavior (TPB) and Agency Theory, our model delineates three mediating factors in explaining attitude: work impediment, information asymmetry, and safety of resources. We also propose information security awareness as an independent variable having an indirect effect on attitude through mediating factors. The proposed model is tested using the data collected from 376 employees working in the banking industry. The results of the PLS analyses show that while information asymmetry and safety of resources have significant impacts on attitude, work impediment does not. The results also show that ISA has significant impact on all three mediating factors.
Place, publisher, year, edition, pages
Red Hook, N.Y.: Curran Associates, Inc., 2013. p. 2011-2020
Keywords [en]
Agency theory, Compliance, Escalation of commitment, Information security, Information security awareness, Information security policy, Insiders
National Category
Information Systems
Research subject
Computer and Information Sciences Computer Science, Information Systems
Identifiers
URN: urn:nbn:se:oru:diva-62332Scopus ID: 2-s2.0-84893234429ISBN: 9781629933948 (print)OAI: oai:DiVA.org:oru-62332DiVA, id: diva2:1156401
Conference
19th Americas Conference on Information Systems, Chicago, Illinois, USA, August 15-17, 2013
2013-12-102017-11-132024-09-16Bibliographically approved