Search results

The purpose of this paper is to examine the use of power tactics by hospital administrators in order to gain employee compliance. It attempts to understand the influence of power bases of hospital administrators on the employee compliance using an analytic hierarchy process (AHP) technique.

The study adopted a mixed method technique and was conducted in two phases. In the first phase, qualitative analysis was carried out through content analysis of the anecdotes collected from the employees working in tertiary hospitals. Content analysis of responses aided in obtaining a list of criteria and sub-criteria affecting employee behavioural compliance. In the second phase, quantitative analysis was carried out using the AHP technique. While applying AHP, the issue pertaining to employee behavioural compliance with hospital’s policies, procedures and related instructions was formulated in form of a hierarchy of one objective, two criteria, six sub-criteria and five alternatives established through literature review and content analysis. Furthermore, the subject matter experts were asked to conduct pairwise comparison wherein priority rankings were achieved.

The results indicated that reward power (25 per cent) is the most significant power style exercised by effective hospital administrators in achieving employee behavioural compliance followed by expert (24 per cent), referent (22 per cent) and legitimate powers (17 per cent). As coercive (12 per cent) came out to be the least preferred power style, it should be cautiously exercised by hospital administrators in the present day scenario.

The major limitation of this study is that the sample was drawn only from three tertiary hospitals in Jammu district that limits the generalizability of the findings in all the hospital settings across different regions. No attempt is made in this study to understand the variations with regard to demographics of the respondents that can be taken as a future research study. This study is cross-sectional in nature and provides the perspective of specific time. A longitudinal study could further provide insights into different time variations and the comparison and henceforth can be more comprehensive, thus supporting the generalizability of this study.

The study empirically identifies the relative importance of exercising power styles in order to gain employee behavioural compliance. The study helps in understanding the complex problem of behavioural compliance in hospital setting by examining the intensity of each factor affecting employee behavioural compliance. This knowledge is very critical in effective hospital management and getting the work done. The priority rankings obtained for power styles can be used for developing selection batteries and performance records of hospital administrators. As the behaviour of the employees is not static, there may exist the inherent limitations of adopted cross-sectional design for the present study. Furthermore, longitudinal study can be conducted at different time periods, to understand the variations in the patterns of employee’s compliance behaviour and associated practiced power styles by hospital administrators.

This is perhaps the first study that has scientifically attempted to integrate the power styles and analyzed their effective use in hospital administration. This research study has attempted to develop an elementary base for academicians, scholars as well as management practitioners on the effective use of power styles for achieving employee behavioural compliance in hospitals.

This paper aims to provide an overview of theories used in the field of employees’ information systems (IS) security behavior over the past decade. Research gaps and implications for future research are worked out by analyzing and synthesizing existing literature.

This paper presents the results of a literature review comprising 113 publications. The literature review was designed to identify applied theories and to understand the cognitive determinants in the research field. A meta-model that explains employees’ IS security behavior is introduced by assembling the core constructs of the used theories.

The paper identified 54 used theories, but four behavioral theories were primarily used: Theory of Planned Behavior (TPB), General Deterrence Theory (GDT), Protection Motivation Theory (PMT) and Technology Acceptance Model (TAM). By synthesizing results of empirically tested research models, a survey of factors proven to have a significant influence on employees’ security behavior is presented.

Some relevant publications might be missing within this literature review due to the selection of search terms and/or databases. However, by conduction a forward and a backward search, this paper has limited this error source to a minimum.

This study presents an overview of determinants that have been proven to influence employees’ behavioral intention. Based thereon, concrete training and awareness measures can be developed. This is valuable for practitioners in the process of designing Security Education, Training and Awareness (SETA) programs.

This paper presents a comprehensive up-to-date overview of existing academic literature in the field of employees’ security awareness and behavior research. Based on a developed meta-model, research gaps are identified and implications for future research are worked out.

Recently, the role of human behavior has become a focal point in the study of information security countermeasures. However, few empirical studies have been conducted to test social engineering theory and the reasons why people may or may not fall victim, and even fewer have tested recommended treatments. Building on theory using threat control factors, the purpose of this paper is to compare the efficacy of recommended treatment protocols.

A confirmatory factor analysis of a threat control model was conducted, followed by a randomized assessment of treatment effects using the model. The data were gathered using a questionnaire containing antecedent factors, and samples of social engineering security behaviors were observed.

It was found that threat assessment, commitment, trust, and obedience to authority were strong indicators of social engineering threat success, and that treatment efficacy depends on which factors are most prominent.

This empirical study provides evidence for certain posited theoretical factors, but also shows that treatment efficacy for social engineering depends on targeting the appropriate factor. Researchers should investigate methods for factor assessment, and practitioners must develop interventions accordingly.

This paper aims to examine the individual and combined effects of organisational and behavioural factors on employees’ attitudes and intentions to establish an information security policy compliance culture (ISPCC) in organisations.

Based on factors derived from the organisational culture theory, social bond theory and accountability theory, a testable research model was developed and evaluated in an online survey that involves the use of a questionnaire to collect quantitative data from 313 employees, from ten different organisations in Ghana. The data collected were analysed using the partial least squares-structural equation modelling approach, involving the measurement and structural model tests.

The study reveals that the individual measures of accountability – identifiability (2.4%), expectations of evaluation (38.8%), awareness of monitoring (55.7%) and social presence (−41.2%) – had weak to moderate effects on employees’ attitudes towards information security policy compliance. However, the combined effect showed a significant influence. In addition, organisational factors – supportive organisational culture (15%), security compliance leadership (2%) and user involvement (63%) – showed positive effects on employees’ attitudes. Further, employees’ attitudes had a substantial influence (65%), while behavioural intentions demonstrated a weak effect (24%) on the establishment of an ISPCC in the organisation. The combined effect also had a substantial statistical influence on the establishment of an ISPCC in the organisation.

Given the findings of the study, information security practitioners should implement organisational and behavioural factors that will have an impact on compliance, in tandem, with the organisational effort to build a culture of compliance for information security policies.

The study provides new insights on how to address the problem of non-compliance with regard to the information security policy in organisations through the combined application of organisational and behavioural factors to establish an information security policy compliance culture, which has not been considered in any past research.

This paper aims to evaluate the relative effectiveness of four‐hour ServSafe^® food safety training, a theory‐based intervention targeting food service employees' perceived barriers to implementing food safety practices, and a combination of the two treatments. Dependent measures include behavioral compliance with and perceptions of control over performing hand washing, use of thermometers, and handling of work surfaces.

Four groups are compared: employees receiving only ServSafe^® training, intervention alone, training and intervention, and no treatment. Employees complete a questionnaire assessing perceived barriers to practicing the targeted behaviors. Then, employees are observed in the production area for behavioral compliance.

Training or intervention alone is better than no treatment, but the training/intervention combination is most effective at improving employees' compliance with and perceptions of control over performing the behaviors.

Research is limited to restaurant employees in three states within the USA, in only 31 of the 1,298 restaurants originally contacted. Future research should identify barriers of other types of food service employees and evaluate the effectiveness of these and other intervention strategies.

ServSafe^® training can be enhanced with a simple intervention targeting food service employees' perceived barriers to food safety. Providing knowledge and addressing barriers are both important steps to improving food safety in restaurants.

No previous research has used the theory of planned behavior to develop an intervention targeting food service employees' perceived barriers to implementing food safety practices. Research also has not attempted to improve the effectiveness of ServSafe^® food safety training by adding an intervention.

The purpose of this paper is to understand from the knowledge management perspective how the mechanism of different voluntary compliance behaviors works and how information technology is used for compliance management in corporate settings where privacy and security issues are getting critical due to the advancement of big data and artificial intelligence.

In this study, the authors propose a structural model based on the theory of planned behavior and the IT relatedness theory that behavioral belief about compliance and social pressure affect compliance knowledge and compliance intention, and compliance knowledge partially mediates the impact of both independent variables on compliance intention. The authors surveyed with a structured questionnaire 975 employees of a major Korean energy company, S-OIL, which deploys a compliance support system. The respondents are classified into two groups: an Active IT Utilization Group and a Passive IT Utilization Group.

The results of our empirical examination show that compliance intention belief and social pressure influence compliance intention, and further, that compliance behavior is mediated by compliance knowledge – in both the active IT utilization group and the passive IT utilization group. However, the significance of each path coefficient, R square and the mediation effect in Model 1 (passive IT utilization group) are obviously a poor contrast to Model 2 (active IT utilization group). Also, the path from behavioral belief to compliance knowledge and social pressure to compliance knowledge show a significant moderating effect of IT utilization level.

This paper aims to promote more effective voluntary compliance behavior by increasing the understanding of the impact differences of the preceding factors, and the ways in which those are related to the knowledge management practice in terms of both knowledge itself and its support systems, i.e. compliance support system.

This paper aims to establish that employees’ non-compliance with information security policy (ISP) could be addressed by nurturing ISP compliance culture through the promotion of factors such as supportive organizational culture, end-user involvement and compliance leadership to influence employees’ attitudes and behaviour intentions towards ISP in organizations. This paper also aims to develop a testable research model that might be useful for future researchers in predicting employees’ behavioural intentions.

In view of the study’s aim, a research model to show how three key constructs can influence the attitudes and behaviours of employees towards the establishment of security policy compliance culture (ISPCC) was developed and validated in an empirical field survey.

The study found that factors such as supportive organizational culture and end-user involvement significantly influenced employees’ attitudes towards compliance with ISP. However, leadership showed the weakest influence on attitudes towards compliance. The overall results showed that employees’ attitudes and behavioural intentions towards ISP compliance together influenced the establishment of ISPCC for ISP compliance in organizations.

Organizations should influence employees’ attitudes towards compliance with ISP by providing effective ISP leadership, encouraging end-user involvement during the draft and update of ISP and nurturing a culture that is conducive for ISP compliance.

The study provides some insights on how to effectively address the problem of non-compliance with ISP in organizations through the establishment of ISPCC, which has not been considered in any past research.

This paper aims to contribute to the understanding of goal setting in organizations, especially regarding the mitigation of conflicting productivity and security goals.

This paper describes the results of a survey with 200 German employees regarding the effects of goal setting on employees’ security compliance. Based on the survey results, a concept for setting information security goals in organizations building on actionable behavioral recommendations from information security awareness materials is developed. This concept was evaluated in three small- to medium-sized organizations (SMEs) with overall 90 employees.

The survey results revealed that the presence of rewards for productivity goal achievement is strongly associated with a decrease in security compliance. The evaluation of the goal setting concept indicates that setting their own information security goals is welcomed by employees.

Both studies rely on self-reported data and are, therefore, likely to contain some kind of bias.

Goal setting in organizations has to accommodate for situations, where productivity goals constrain security policy compliance. Introducing the proposed goal setting concept based on relevant actionable behavioral recommendations can help mitigate issues in such situations.

This work furthers the understanding of the factors affecting employee security compliance. Furthermore, the proposed concept can help maximizing the positive effects of goal setting in organizations by mitigating the negative effects through the introduction of meaningful and actionable information security goals.

Understanding the behavioral change process of system users to adopt safe security practices is important to the success of an organization’s cybersecurity program. This study aims to explore how the 7Ps (product, price, promotion, place, physical evidence, process and people) marketing mix, as part of an internal social marketing approach, can be used to gain an understanding of employees’ interactions within an organization’s cybersecurity environment. This understanding could inform the design of servicescapes and behavioral infrastructure to promote and maintain cybersecurity compliance.

This study adopted an inductive qualitative approach using in-depth interviews with employees in several Vietnamese organizations. Discussions were centered on employee experiences and their perceptions of cybersecurity initiatives, as well as the impact of initiatives on compliance behavior. Responses were then categorized under the 7Ps marketing mix framework.

The study shows that assessing a cybersecurity program using the 7P mix enables the systematic capture of users’ security compliance and acceptance of IT systems. Additionally, understanding the interactions between system elements permits the design of behavioral infrastructure to enhance security efforts. Results also show that user engagement is essential in developing secure systems. User engagement requires developing shared objectives, localized communications, co-designing of efficient processes and understanding the “pain points” of security compliance. The knowledge developed from this research provides a framework for those managing cybersecurity systems and enables the design human-centered systems conducive to compliance.

The study is one of the first to use a cross-disciplinary social marketing approach to examine how employees experience and comply with security initiatives. Previous studies have mostly focused on determinants of compliance behavior without providing a clear platform for management action. Internal social marketing using 7Ps provides a simple but innovative approach to reexamine existing compliance approaches. Findings from the study could leverage proven successful marketing techniques to promote security compliance.

Based on the theory of reasoned action, this study aims to illustrate how employees’ safety behavior can be enhanced in the workplace by specifically examining how anticipated regret leads to workplace safety behavior and the contextual factor of organizational ethical climate.

The authors adopted a quantitative approach and designed their survey from validated scales in prior studies. Data were obtained from two different sources, including 149 employees and 31 immediate supervisors. Hierarchical linear modeling techniques were applied to test the hypotheses.

The results showed that anticipated regret was significantly related to safety compliance and safety participation; egoistic ethical climate was negatively correlated with safety compliance and safety participation, while benevolent ethical climate was only positively correlated with safety participation. For cross-level moderating effects, both benevolent and principle ethical climate moderate the relationship between anticipated regret and safety participation, whereas all three ethical climates did not moderate the relationship between anticipated regret and safety compliance.

It contributes to current literature by identifying critical determinants of employees’ safety behavior, which would enable practitioners to manage safety in the workplace and foster a safe working environment. Specifically, fostering benevolent ethical climate can better promote employees’ perceptions of the importance of discretionary safety behavior.

This study suggests that organizational practitioners could use the salience of anticipated regret to promote the safety behavioral intentions of employees in the workplace. Further, the authors examined a multilevel framework, which elaborates individual- and organizational-level antecedents of employee safety behavior as well as the impact of cross-level interactions on employee safety behavior.