An Integrative Behavioral Model of Information Security Policy Compliance
The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members...
| Main Authors: | , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Hindawi Limited
2014-01-01
|
| Series: | The Scientific World Journal |
| Online Access: | http://dx.doi.org/10.1155/2014/463870 |
| id |
doaj-5d850b09dbd942369f3fccfd1267aefd |
|---|---|
| record_format |
Article |
| spelling |
doaj-5d850b09dbd942369f3fccfd1267aefd2020-11-24T21:52:57ZengHindawi LimitedThe Scientific World Journal2356-61401537-744X2014-01-01201410.1155/2014/463870463870An Integrative Behavioral Model of Information Security Policy ComplianceSang Hoon Kim0Kyung Hoon Yang1Sunyoung Park2Department of Business Administration, Kwangwoon University, 26 Kwangwoon-gil, Nowon-gu, Seoul 139-701, Republic of KoreaCollege of Business School, University of Wisconsin-La Crosse, 1725 State Street, La Crosse, WI 54601, USANamyang R&D Center, Hyundai Motor Company, 772-1 Jangdeok-dong, Hwaseong-Si, Gyeonggi-do 445-706, Republic of KoreaThe authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable. The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members’ neutralization intention to violate information security policy should be emphasized.http://dx.doi.org/10.1155/2014/463870 |
| collection |
DOAJ |
| language |
English |
| format |
Article |
| sources |
DOAJ |
| author |
Sang Hoon Kim Kyung Hoon Yang Sunyoung Park |
| spellingShingle |
Sang Hoon Kim Kyung Hoon Yang Sunyoung Park An Integrative Behavioral Model of Information Security Policy Compliance The Scientific World Journal |
| author_facet |
Sang Hoon Kim Kyung Hoon Yang Sunyoung Park |
| author_sort |
Sang Hoon Kim |
| title |
An Integrative Behavioral Model of Information Security Policy Compliance |
| title_short |
An Integrative Behavioral Model of Information Security Policy Compliance |
| title_full |
An Integrative Behavioral Model of Information Security Policy Compliance |
| title_fullStr |
An Integrative Behavioral Model of Information Security Policy Compliance |
| title_full_unstemmed |
An Integrative Behavioral Model of Information Security Policy Compliance |
| title_sort |
integrative behavioral model of information security policy compliance |
| publisher |
Hindawi Limited |
| series |
The Scientific World Journal |
| issn |
2356-6140 1537-744X |
| publishDate |
2014-01-01 |
| description |
The authors found the behavioral factors that influence the organization members’ compliance with the information security policy in organizations on the basis of neutralization theory, Theory of planned behavior, and protection motivation theory. Depending on the theory of planned behavior, members’ attitudes towards compliance, as well as normative belief and self-efficacy, were believed to determine the intention to comply with the information security policy. Neutralization theory, a prominent theory in criminology, could be expected to provide the explanation for information system security policy violations. Based on the protection motivation theory, it was inferred that the expected efficacy could have an impact on intentions of compliance. By the above logical reasoning, the integrative behavioral model and eight hypotheses could be derived. Data were collected by conducting a survey; 194 out of 207 questionnaires were available. The test of the causal model was conducted by PLS. The reliability, validity, and model fit were found to be statistically significant. The results of the hypotheses tests showed that seven of the eight hypotheses were acceptable.
The theoretical implications of this study are as follows: (1) the study is expected to play a role of the baseline for future research about organization members’ compliance with the information security policy, (2) the study attempted an interdisciplinary approach by combining psychology and information system security research, and (3) the study suggested concrete operational definitions of influencing factors for information security policy compliance through a comprehensive theoretical review. Also, the study has some practical implications. First, it can provide the guideline to support the successful execution of the strategic establishment for the implement of information system security policies in organizations. Second, it proves that the need of education and training programs suppressing members’ neutralization intention to violate information security policy should be emphasized. |
| url |
http://dx.doi.org/10.1155/2014/463870 |
| work_keys_str_mv |
AT sanghoonkim anintegrativebehavioralmodelofinformationsecuritypolicycompliance AT kyunghoonyang anintegrativebehavioralmodelofinformationsecuritypolicycompliance AT sunyoungpark anintegrativebehavioralmodelofinformationsecuritypolicycompliance AT sanghoonkim integrativebehavioralmodelofinformationsecuritypolicycompliance AT kyunghoonyang integrativebehavioralmodelofinformationsecuritypolicycompliance AT sunyoungpark integrativebehavioralmodelofinformationsecuritypolicycompliance |
| _version_ |
1725873881346998272 |