教師資料查詢 | 類別: 會議論文 | 教師: 施盛寶 Shih, Sheng-pao (瀏覽個人網頁)

標題:Ensuring employees' ISP compliance: A combination of deterrence and regulatory focus approach
學年104
學期2
發表日期2016/04/05
作品名稱Ensuring employees' ISP compliance: A combination of deterrence and regulatory focus approach
作品名稱(其他語言)
著者Shih, Sheng-Pao; Jack Shih-Chieh Hsu; Huang, Hsin-Yi; Peng, Cheng-Hui
作品所屬單位
出版者
會議名稱Forty-Fifth Annual Conference of the Western Decision Sciences Institute
會議地點Las Vegas, U.S.A.
摘要Deterrence theory has been widely applied in information security behavioral research. In organizations,
employees’ information security policy (ISP) compliance is definitely an important information security
behavior. To explore employees’ ISP compliance, previous information security behavioral studies
mainly based on the perspective of sanctions from deterrence theory; however, these studies have
inconsistent results of deterrence effect, which mean that the direct effects of deterrence on employees’
information security behaviors are not universally applicable in all organization settings [1]. In addition,
while most ISP compliance studies applied deterrence theory focus on the impacts of deterrence (i.e.
punishment severity and detection certainty) on ISP compliance behaviors, these studies ignored the fact
that, different individuals tend to have two fundamental needs: nurturance and security [2], that may
affect the magnitude of the impact of deterrence on ISP compliance behaviors. Regulatory focus theory
explains the needs and formulates two different regulatory foci: promotion and prevention. Promotion
focus is more associated with need for growth and achievement, whereas prevention focus is more
driven by security needs. In view of aforementioned research gaps, based on the deterrence theory and
regulatory focus theory, this study tries to understand the effect of different regulatory focus on the
relationship between deterrence and employees’ ISP compliance intention. We collected data through a
questionnaire survey from the employees working in high tech industry in Taiwan. The results show that
detection certainty and punishment severity positively affect ISP compliance intention. The relationship
between punishment severity and ISP compliance intention is moderated by prevention focus and the
relationship between detection certainty and ISP compliance intention is moderated by promotion focus.
This study provides an in-depth understanding of deterrence in ISP compliance context while suggesting
that regulatory focus plays an important role in affecting employees’ compliance with information
security policy. Implications for both academic and practice are also highlighted to address the
moderating effects on the relationship between deterrence and ISP compliance intention
關鍵字
語言英文(美國)
收錄於
會議性質國際
校內研討會地點
研討會時間20160405~20160409
通訊作者
國別美國
公開徵稿
出版型式
出處Proceedings of Forty-Fifth Annual Conference of the Western Decision Sciences Institute , pp.173-188
相關連結
Google+ 推薦功能,讓全世界都能看到您的推薦!