Hu et al., 2012: Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture*

Topic:

We find that top management participation in information security initiatives has significant direct and indirect influences on employees’ attitudes towards, subjective norm of, and perceived behavioral control over compliance with information security policies. We also find that the top management participation strongly influences organizational culture which in turn impacts employees’ attitudes towards and perceived behavioral control over compliance with information security policies. Furthermore, we find that the effects of top management participation and organizational culture on employee behavioral intentions are fully mediated by employee cognitive beliefs about compliance with information security policies.

survey, 148 responses

Constructs in this publication:

| Construct | Cites | Category | Questions given? | Content validity | Pretests | Response type | Notes |
|---|---|---|---|---|---|---|---|
| Behavioral intention | Taylor, 1995, Pavlou, 2006 | | yes | None | pilot | 5-point Likert scale ranging from "strongly disagree" to "strongly agree" | |
| Attitudes towards behavior | Taylor, 1995, Pavlou, 2006 | | yes | None | pilot | 5-point Likert scale ranging from "strongly disagree" to "strongly agree" | |
| Subjective norm | Taylor, 1995, Pavlou, 2006 | | yes | None | pilot | 5-point Likert scale ranging from "strongly disagree" to "strongly agree" | |
| Perceived behavioral control | Taylor, 1995, Pavlou, 2006 | | yes | None | pilot | 5-point Likert scale ranging from "strongly disagree" to "strongly agree" | |
| Perceived goal orientation | van Muijen et al., 1999 | | yes | None | pilot | 5-point Likert scale ranging from "strongly disagree" to "strongly agree" | |
| Perceived rule orientation | van Muijen et al., 1999 | | yes | None | pilot | 5-point Likert scale ranging from "Never" to "always" | |
| Perceived top management participation | Liang et al., 2007 | | yes | None | pilot | 5-point Likert scale ranging from "Never" to "always" | |

Citation:

Qing Hu, Tamara Dinev, Paul Hart, and Donna Cooke. Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture*. Decision Sciences, 43(4):615–660, August 2012. doi:10.1111/j.1540-5915.2012.00361.x.

Bibtex


@article{hu_managing_2012,
 abstract = {We develop an individual behavioral model that integrates the role of top management and organizational culture into the theory of planned behavior in an attempt to better understand how top management can influence security compliance behavior of employees. Using survey data and structural equation modeling, we test hypotheses on the relationships among top management participation, organizational culture, and key determinants of employee compliance with information security policies. We find that top management participation in information security initiatives has significant direct and indirect influences on employees' attitudes towards, subjective norm of, and perceived behavioral control over compliance with information security policies. We also find that the top management participation strongly influences organizational culture which in turn impacts employees' attitudes towards and perceived behavioral control over compliance with information security policies. Furthermore, we find that the effects of top management participation and organizational culture on employee behavioral intentions are fully mediated by employee cognitive beliefs about compliance with information security policies. Our findings extend information security research literature by showing how top management can play a proactive role in shaping employee compliance behavior in addition to the deterrence oriented remedies advocated in the extant literature. Our findings also refine the theories about the role of organizational culture in shaping employee compliance behavior. Significant theoretical and practical implications of these findings are discussed.},
 author = {Hu, Qing and Dinev, Tamara and Hart, Paul and Cooke, Donna},
 doi = {10.1111/j.1540-5915.2012.00361.x},
 issn = {1540-5915},
 journal = {Decision Sciences},
 language = {en},
 month = {August},
 number = {4},
 pages = {615-660},
 shorttitle = {Managing {{Employee Compliance}} with {{Information Security Policies}}},
 title = {Managing {{Employee Compliance}} with {{Information Security Policies}}: {{The Critical Role}} of {{Top Management}} and {{Organizational Culture}}*},
 volume = {43},
 year = {2012}
}