Security culture and the employment relationship as drivers of employees’ security compliance
Information Management & Computer Security
ISSN: 0968-5227
Article publication date: 10 November 2014
Abstract
Purpose
The purpose of this paper is to examine the influence of security-related and employment relationship factors on employees’ security compliance decisions. A major challenge for organizations is encouraging employee compliance with security policies, procedures and guidelines. Specifically, we predict that security culture, job satisfaction and perceived organizational support have a positive effect on employees’ security compliance intentions.
Design/methodology/approach
This study used a survey approach for data collection. Data were collected using two online surveys that were administered at separate points in time.
Findings
Our results provide empirical support for security culture as a driver of employees’ security compliance in the workplace. Another finding is that an employee’s feeling of job satisfaction influences his/her security compliance intention, although this relationship appears to be contingent on the employee’s position, tenure and industry. Surprisingly, we also found a negative relationship between perceived organizational support and security compliance intention.
Originality/value
Our results provide one of the few empirical validations of security culture, and we recognize its multidimensional nature as conceptualized through top management commitment to security (TMCS), security communication and computer monitoring. We also extend security compliance research by considering the influence of employment relationship factors drawn from the organizational behavior literature.
Keywords
Acknowledgements
An earlier version of this paper was presented at the Fifth Annual Symposium on Information Assurance (ASIA) on June 16-17, 2010 in Albany, New York, USA.
Citation
D'Arcy, J. and Greene, G. (2014), "Security culture and the employment relationship as drivers of employees’ security compliance", Information Management & Computer Security, Vol. 22 No. 5, pp. 474-489. https://doi.org/10.1108/IMCS-08-2013-0057
Publisher
:Emerald Group Publishing Limited
Copyright © 2014, Emerald Group Publishing Limited