Peers matter: The moderating role of social influence on information security policy compliance
- UNCG Author/Contributor (non-UNCG co-authors, if there are any, appear on document)
- Zhiyong Yang, Professor and Department Head (Creator)
- Institution
- The University of North Carolina at Greensboro (UNCG )
- Web Site: http://library.uncg.edu/
Abstract: Information security in an organization largely depends on employee compliance with information security policy (ISP). Previous studies have mainly explored the effects of command-and-control and self-regulatory approaches on employee ISP compliance. However, how social influence at both individual and organizational levels impacts the effectiveness of these two approaches has not been adequately explored. This study proposes a social contingency model in which a rules-oriented ethical climate (employee perception of a rules-adherence environment) at the organizational level and susceptibility to interpersonal influence (employees observing common practices via peer interactions) at the individual level interact with both command-and-control and self-regulatory approaches to affect ISP compliance. Using employee survey data, we found that these two social influence factors weaken the effects of both command-and-control and self-regulatory approaches on ISP compliance. Theoretical and practical implications are also discussed.
Peers matter: The moderating role of social influence on information security policy compliance
PDF (Portable Document Format)
760 KB
Created on 10/4/2021
Views: 2087
Additional Information
- Publication
- Information Systems Journal, 30, 791–844
- Language: English
- Date: 2020
- Keywords
- command-and-control approach, information security policy compliance, rules-oriented ethical climate, self-regulatory approach, susceptibility to interpersonal influence