The Role Of Extra-Role Behaviors And Social Controls In Information Security Policy Effectiveness
Information Systems Research(2015)
摘要
Although most behavioral security studies focus on organizational in-role behaviors such as information security policy (ISP) compliance, the role of organizational extra-role behaviors-security behaviors that benefit organizations but are not specified in ISPs-has long been overlooked. This study examines (1) the consequences of organizational in-role and extra-role security behaviors on the effectiveness of ISPs and (2) the role of formal and social controls in enhancing in-role and extra-role security behaviors in organizations. We propose that both in-role security behaviors and extra-role security behaviors contribute to ISP effectiveness. Furthermore, based on social control theory, we hypothesize that social control can boost both in-and extra-role security behaviors. Data collected from practitioners-including information systems (IS) managers and employees at many organizations-confirmed most of our hypotheses. Survey data from IS managers substantiated the importance of extra-role behaviors in improving ISP effectiveness. Paired data, collected from managers and employees in the same organizations, indicated that formal control and social control individually and interactively enhance both in-and extra-role security behaviors. We conclude by discussing the implications of this research for academics and practitioners, along with compelling future research possibilities.
更多查看译文
关键词
IS security,behavioral security,in-role behaviors,extra-role behaviors,social control theory,SCT,security management,information security policy,ISP,formal control,social control,organizations
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络