Abstract
Deterrence and rational choice calculus theories can regulate or motivate employees' compliance with information systems security policy (ISSP). However, the two well-developed theories may not fully induce compliance behavior of ISSP given the growing trend of IS security violation in China. Deterrence and rational choice calculus employ an assumption of general awareness of ISSP to address compliance behavior. However, employees may judge their compliance behavior of ISSP in terms of positive and negative emotions but not the trade-off of benefits and costs (risks) only in the compliance. Grounded in regulatory focus theory (RFT), we propose a research model that addresses the motivational mechanisms for employees to comply with ISSP. We adopt a scenario-based questionnaire to survey employees of Chinese SMEs for model testing. The empirical results indicate that promotion-Approach is better than promotion-Avoidance in motivating compliance intention when employees are aware of the ISSP in their companies. However, promotion-Approach and promotion-Avoidance are ineffective in inducing compliance intention when employees are unaware of ISSP in Chinese SMEs. Information security awareness is not a necessary condition of the compliance of ISSP. Additionally, prevention-Approach is better than prevention-Avoidance in motivating compliance intention regardless of whether employees are aware or unaware of ISSP in the workplace. Our empirical results can provide meaningful implications for academics and practitioners.
Original language | English |
---|---|
Title of host publication | Proceedings of 2016 International Conference on Information Management, ICIM 2016 |
Publisher | IEEE |
Pages | 110-115 |
Number of pages | 6 |
ISBN (Electronic) | 9781509014705 |
DOIs | |
Publication status | Published - 23 May 2016 |
Event | International Conference on Information Management, ICIM 2016 - London, United Kingdom Duration: 7 May 2016 → 8 May 2016 |
Conference
Conference | International Conference on Information Management, ICIM 2016 |
---|---|
Country/Territory | United Kingdom |
City | London |
Period | 7/05/16 → 8/05/16 |
Keywords
- compliance
- information systems security policy (ISSP)
- prevention
- promotion
- regulatory focus theory (RFT)
ASJC Scopus subject areas
- Information Systems
- Computer Networks and Communications
- Information Systems and Management