원문정보
초록
영어
Previous studies have shown that insiders pose risks to the security of organisations’ secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations’ best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel’s behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.
목차
Ⅰ. Introduction
Ⅱ. Literature Review
2.1. Information and Cyber Security
2.2. Human Behaviours
2.3. Related Work
2.4. Theory of Planned Behaviour (TPB)
2.5. General Deterrence Theory (GDT)
2.6. Psychological Capital (PsyCap)
2.7. Organizational Security Resources
Ⅲ. Research Model and Hypothesis Development
3.1. Related Variables and Assumptions on General Deterrence Theory (GDT)
3.2. Related Variables and Assumptions on Psychological Capital (PsyCap)
3.3. Related Variables and Assumptions on Organizational Security Resources
Ⅳ. Research Methodology
4.1. Research Method and Data Collection
4.2. Measurement
4.3. Measurement Model Assessment
4.4. Data Analysis and Results
4.5. Path Coefficient Analyses
4.6. Mediation Effect of Protection Motivation(Indirect)
Ⅴ. Discussion
5.1. Theoretical Contribution
5.2. Practical Implications
Ⅵ. Limitations and Future Research