Stress-based security compliance model – an exploratory study
Abstract
Purpose
This paper aims to extend current information security compliance research by adapting “work-stress model” of the extended Job Demands-Resources model to explore how security compliance demands, organization and personal resources influence end-user security compliance. The paper proposes that security compliance burnout and security engagement as the mediating factors between security compliance demands, organizational and personal resources and individual security compliance.
Design/methodology/approach
The authors used a multi-case in-depth interview method to explore the relevance and significance of security demands, organizational resources and personal resources on security compliance at work. Seventeen participants in three organizations including a bank, a university and an oil distribution company in Vietnam were interviewed during a four-month period.
Findings
The study identified three security demands, three security resources and two aspects of personal resources that influence security compliance. The study demonstrates that the security environment factors such as security demands and resources affected compliance burden and security engagement. Personal resources could play an integral role in moderating the impact of security environment on security compliance.
Research limitations/implications
The findings presented are not generalizable to the wider population of end-users in Vietnam due to the small sample size used in the interviews. Further quantitative studies need to measure the extent of each predictor on security compliance.
Originality/value
The originality of the research stems from proposing not only stress-based but also motivating factors from the security environment on security compliance. By using qualitative approach, the study provides more insight to understand the impact of the security environments on security compliance.
Keywords
Acknowledgements
The authors would like to thank Editor-in-Chief Professor Steven Furnell and the two anonymous reviewers for their insightful comments and suggestions. The authors also would like to thank two PhD supervisors of the first author Professor Linda Brennan and Dr France Cheong at RMIT University for their valuable guidance in the early development stage of the paper idea and final refinement. Sincere thanks are due to all interviewees for their time and willingness to discuss their security experience so openly.
Citation
Pham, H.-C., El-Den, J. and Richardson, J. (2016), "Stress-based security compliance model – an exploratory study", Information and Computer Security, Vol. 24 No. 4, pp. 326-347. https://doi.org/10.1108/ICS-10-2014-0067
Publisher
:Emerald Group Publishing Limited
Copyright © 2016, Emerald Group Publishing Limited