Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/association-for-computing-machinery/assessing-the-moderating-effect-of-security-technologies-on-employees-O7yLBEs0AE
References (96)
-
Ronald Deibert, Rafal Rohozinski (2010)
Risking Security: Policies and Paradoxes of Cyberspace SecurityInternational Political Sociology, 4
-
E. Luiijf, K. Besseling, P. Graaf (2013)
Nineteen national cyber security strategiesInt. J. Crit. Infrastructures, 9
-
N. Humaidi, V. Balakrishnan (2013)
Exploratory Factor Analysis of User’s Compliance Behaviour towards Health Information System’s Security -
(1990)
The context for change: Organization, technology and environment -
Aristotle Onumo, A. Cullen, I. Awan (2017)
An Empirical Study of Cultural Dimensions and Cybersecurity Development2017 IEEE 5th International Conference on Future Internet of Things and Cloud (FiCloud)
-
M. Sarstedt, C. Ringle, J. Henseler, Joseph Hair (2014)
On the Emancipation of PLS-SEM: A Commentary on Rigdon (2012)Long Range Planning, 47
-
Emily Matta (2018)
Kansans at risk: Strengthened data breach notification laws as a deterrent to reckless data storageU. Kan. L. Rev, 67
-
K. Parsons, E. Young, M. Butavicius, Agata McCormac, M. Pattinson, C. Jerram (2015)
The Influence of Organizational Information Security Culture on Information Security Decision MakingJournal of Cognitive Engineering and Decision Making, 9
-
Joe F. Hair Jr, Marko Sarstedt, Lucas Hopkins, Volker G. Kuppelwieser (2014)
Partial least squares structural equation modeling (PLS-SEM)Eur. Bus. Rev. (2014).
-
R. Solms, J. Niekerk (2013)
From information security to cyber securityComput. Secur., 38
-
Shuhaili Talib, N. Clarke, S. Furnell (2011)
Establishing A Personalized Information Security CultureInt. J. Mob. Comput. Multim. Commun., 3
-
SP NIST. (1998)
800-16 (1998)National Institute of Standards and Technology (NIST) Information Technology Training Requirements: A Role-and Performance-based Model (NIST Special Publication 800-16). US Department of Commerce
-
Critical Infrastructure Cybersecurity (2014)
Framework for improving critical infrastructure cybersecurityFramework, 1
-
F. Zhao, A. Collier, Hepu Deng (2014)
A multidimensional and integrative approach to study global digital divide and e-government developmentInf. Technol. People, 27
-
Anthony Vance, M. Siponen, Seppo Pahnila (2012)
Motivating IS security compliance: Insights from Habit and Protection Motivation TheoryInf. Manag., 49
-
Emily Matta (2019)
,,,Kansans at Risk: Strengthened Data Breach Notification Laws as a Deterrent to Reckless Data StorageKansas Law Review
-
I. Khalil, E. Weippl (2012)
Contemporary Challenges and Solutions for Mobile and Multimedia Technologies -
A. Luse, Julie Rursch, D. Jacobson (2014)
Utilizing Structural Equation Modeling and Social Cognitive Career Theory to Identify Factors in Choice of IT as a MajorACM Trans. Comput. Educ., 14
-
H. Venter, J. Eloff (2003)
A taxonomy for information security technologiesComput. Secur., 22
-
(2009)
Organisational Behaviour in Southern Africa -
B. Ramdani, Delroy Chevers, D. Williams (2013)
SMEs' adoption of enterprise applications: A technology-organisation-environment modelJournal of Small Business and Enterprise Development, 20
-
Nils Urbach, F. Ahlemann (2010)
Structural Equation Modeling in Information Systems Research Using Partial Least SquaresThe Journal of Information Technology Theory and Application, 11
-
Olive Lundy (1994)
From personnel management to strategic human resource managementInternational Journal of Human Resource Management, 5
-
Thomas H. Davenport, Laurence Prusak, et al (1998)
Working Knowledge: How Organizations Manage What They KnowHarvard Business Press.
-
T. Schlienger, S. Teufel (2003)
Information security culture - from analysis to changeSouth Afr. Comput. J., 31
-
K. Wallston (2001)
Control Beliefs: Health Perspectives -
Tamara Dinev, Qing Hu (2007)
The Centrality of Awareness in the Formation of User Behavioral Intention toward Protective Information TechnologiesJ. Assoc. Inf. Syst., 8
-
Icek Ajzen (2005)
Attitudes, Personality, and BehaviorMcGraw--Hill Education (UK).
-
D. Hovorka, Kai Larsen (2017)
Modes of Theory Integration -
N. Kock, P. Hadaya (2018)
Minimum sample size estimation in PLS‐SEM: The inverse square root and gamma‐exponential methodsInformation Systems Journal, 28
-
Tejaswini Herath, H. Rao (2009)
Encouraging information security behaviors in organizations: Role of penalties, pressures and perceived effectivenessDecis. Support Syst., 47
-
A. Kankanhalli, H. Teo, B. Tan, K. Wei (2003)
An integrative study of information systems security effectivenessInt. J. Inf. Manag., 23
-
Shuhaili Talib, Nathan L. Clarke, Steven M. Furnell (2013)
Establishing a personalized information security cultureContemporary Challenges and Solutions for Mobile and Multimedia Technologies. IGI Global
-
D. Straub (1990)
Effective IS Security: An Empirical StudyInf. Syst. Res., 1
-
Kristopher Preacher, A. Hayes (2004)
SPSS and SAS procedures for estimating indirect effects in simple mediation modelsBehavior Research Methods, Instruments, & Computers, 36
-
J. Muijen, P. Koopman, Vu, Faculteit Pedagogiek (1999)
Organizational Culture: The Focus QuestionnaireEuropean Journal of Work and Organizational Psychology, 8
-
尚弘 島影 (2001)
National Institute of Standards and Technologyにおける超伝導研究及び生活Ieej Transactions on Fundamentals and Materials, 121
-
Ioanna-Aikaterini Topa, Maria Karyda (2015)
Identifying Factors that Influence Employees' Security Behavior for Enhancing ISP Compliance -
A. Kaliontzoglou, P. Sklavos, Athanasios Karantjias, D. Polemi (2005)
A secure e-Government platform architecture for small to medium sized public organizationsElectron. Commer. Res. Appl., 4
-
J. D'Arcy, A. Hovav, D. Galletta (2009)
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence ApproachInf. Syst. Res., 20
-
Series y : Global information infrastructure , internet protocol aspects and next - generationnetworks next generation networks – frameworks and functional architecture models -
W. Claycomb, Carly Huth, Lori Flynn, David McIntire, T. Lewellen (2012)
Chronological Examination of Insider Threat Sabotage: Preliminary ObservationsJ. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 3
-
Asghar Ghasemi, Saleh Zahediasl (2012)
Normality tests for statistical analysis: A guide for non-statisticiansInt. J. Endocrinol. Metab., 10
-
Nadine Guhr, Benedikt Lebek, M. Breitner (2019)
The impact of leadership on employees' intended information security behaviour: An examination of the full‐range leadership theoryInformation Systems Journal, 29
-
C. Fornell, D. Larcker (1981)
Evaluating structural equation models with unobservable variables and measurement error.Journal of Marketing Research, 18
-
A. Veiga, J. Eloff (2010)
A framework and assessment instrument for information security cultureComput. Secur., 29
-
Edward G. Carmines, Richard A. Zeller (1979)
Reliability and Validity Assessment -
B. Bass, B. Avolio (1993)
Transformational Leadership And Organizational CultureInternational Journal of Public Administration, 17
-
Y. Mah, Bin Hashim., M. Lo, Shiaw-Tong Ha (2019)
Factors Affecting Satisfaction and Loyalty in Public Transport using Partial Least Squares Structural Equation Modeling (PLS-SEM)International Journal of Innovative Technology and Exploring Engineering
-
M. Siponen, M. Mahmood, Seppo Pahnila (2014)
Employees' adherence to information security policies: An exploratory field studyInf. Manag., 51
-
Rebecca Grier (2012)
Military Cognitive Readiness at the Operational and Strategic LevelsJournal of Cognitive Engineering and Decision Making, 6
-
S. Shapiro, M. Wilk (1965)
An Analysis of Variance Test for Normality (Complete Samples)Biometrika, 52
-
Nader Safa, Mehdi Sookhak, R. Solms, S. Furnell, N. Ghani, T. Herawan (2015)
Information security conscious care behaviour formation in organizationsComput. Secur., 53
-
T. Tyler, Steven Blader (2005)
Can Businesses Effectively Regulate Employee Conduct? The Antecedents of Rule Following in Work SettingsAcademy of Management Journal, 48
-
(1999)
The axial age of technology foreword -
Christian M. Ringle, Sven Wende, Jan-Michael Becker, et al (2015)
SmartPLS 3Boenningstedt: SmartPLS GmbH (2015).
-
J. Hulland (1999)
Use of partial least squares (PLS) in strategic management research: a review of four recent studiesStrategic Management Journal, 20
-
Petri Puhakainen, M. Siponen (2010)
Improving Employees' Compliance Through Information Systems Security Training: An Action Research StudyMIS Q., 34
-
M. Tenenhaus, V. Vinzi, Yves-Marie Chatelin, Carlo Lauro (2005)
PLS path modelingComput. Stat. Data Anal., 48
-
Rebecca A. Grier (2012)
Military cognitive readiness at the operational and strategic levels: A theoretical model for measurement developmentJ. Cogn. Eng. Decis. Mak., 6
-
(2010)
Neutralization: New insights into the problem of employee information systems security policy violations -
A. Veiga (2016)
A cybersecurity culture research philosophy and approach to develop a valid and reliable measuring instrument -
Bernard M. Bass, Bruce J. Avolio (1993)
Transformational leadership and organizational culturePublic Administration Quarterly, 17
-
E. LeidnerDorothy, KayworthTimothy (2006)
Review: a review of culture in information systems researchManagement Information Systems Quarterly
-
Tejaswini Herath, Rui Chen, Jingguo Wang, Ketan Banjara, Jeff Wilbur, H. Rao (2014)
Security services as coping mechanisms: an investigation into user intention to adopt an email authentication serviceInformation Systems Journal, 24
-
(2005)
Attitudes, Personality, and Behavior. McGraw-Hill Education (UK) -
H. Kruger, Wayne Kearney (2006)
A prototype for assessing information security awarenessComput. Secur., 25
-
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
-
Sheldon Cohen, T. Kamarck, R. Mermelstein (1983)
A global measure of perceived stress.Journal of health and social behavior, 24 4
-
P. Ifinedo (2012)
Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theoryComput. Secur., 31
-
A. Segars, V. Grover (1999)
Profiles of Strategic Information Systems PlanningInf. Syst. Res., 10
-
N. Humaidi, V. Balakrishnan (2018)
Indirect effect of management support on users’ compliance behaviour towards information security policiesHealth Information Management Journal, 47
-
M. Limayem, S. Hirt, Christy Cheung (2007)
How Habit Limits the Predictive Power of Intention: The Case of Information Systems ContinuanceMIS Q., 31
-
D. Smetters, Rebecca Grinter (2002)
Moving from the design of usable security technologies to the design of useful secure applications -
Alfonso Reyes, R. Zarama (1998)
The process of embodying distinctions - a re-construction of the process of learningCybern. Hum. Knowing, 5
-
B. Gates (1999)
Business @ the Speed of Thought -
Qing Hu, Tamara Dinev, Paul Hart, Donna Cooke (2012)
Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational CultureDecis. Sci., 43
-
A. Wensley (1998)
Book review:Working knowledge: How organizations manage what they know. Thomas H. Davenport and Laurence Prusak. Harvard Business School Press, 1998. $29.95US. ISBN 0‐87584‐655‐6Knowledge and Process Management, 5
-
Robert Crossler, Allen Johnston, P. Lowry, Qing Hu, Merrill Warkentin, R. Baskerville (2013)
Future directions for behavioral information security researchComput. Secur., 32
-
W. Flores, E. Antonsen, M. Ekstedt (2014)
Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national cultureComput. Secur., 43
-
Weiling Ke, K. Wei (2008)
Organizational culture and leadership in ERP implementationDecis. Support Syst., 45
-
(2001)
What kind of space is cyberspace -
H. Tsoukas, Efi Vladimirou (2001)
What is Organizational KnowledgeJournal of Management Studies, 38
-
P. Northouse (2017)
Introduction to Leadership: Concepts and Practice -
(1995)
The knowledge-creating company : how Japanese companies create the dynamics of innovation -
Edgar H. Schein (2004)
Organizational Culture and Leadership (Jossey-Bass Business 8 Management Series)Jossey Bass Incorporated.
-
Joshua Guyer, L. Fabrigar, Thomas Vaughan‐Johnston, Clement Tang (2018)
The counterintuitive influence of vocal affect on the efficacy of affectively-based persuasive messagesJournal of Experimental Social Psychology, 74
-
L. Connolly, M. Lang, J. Gathegi, Doug Tygar (2017)
Organisational culture, procedural countermeasures, and employee security behaviour: A qualitative studyInf. Comput. Secur., 25
-
L. Smircich (1983)
Concepts of Culture and Organizational Analysis.Administrative Science Quarterly, 28
-
D. Leidner, Timothy Kayworth (2006)
Review: A Review of Culture in Information Systems Research: Toward a Theory of Information Technology Culture ConflictMIS Q., 30
-
Daniel Bell (1999)
The axial age of technology foreword: 1999The Coming of the Post-industrial Society (1999)
-
Bilal Khan, K. Alghathbar, S. Nabi, M. Khan (2011)
Effectiveness of information security awareness methods based on psychological theoriesAfrican Journal of Business Management, 5
-
R. Quinn, J. Rohrbaugh (1983)
A Spatial Model of Effectiveness Criteria: Towards a Competing Values Approach to Organizational AnalysisManagement Science, 29
-
N. Kock (2009)
Information Systems Theorizing Based on Evolutionary Psychology: An Interdisciplinary Review and Theory Integration FrameworkMIS Q., 33
-
S. Chang, Chin-Shien Lin (2007)
Exploring organizational culture for information security managementInd. Manag. Data Syst., 107
-
D. Mcclelland, R. Boyatzis (1982)
Leadership motive pattern and long-term success in management.Journal of Applied Psychology, 67
- Publisher
- Association for Computing Machinery
- Copyright
- Copyright © 2021 ACM
- ISSN
- 2158-656X
- eISSN
- 2158-6578
- DOI
- 10.1145/3424282
- Publisher site
- See Article on Publisher Site
Abstract
The increase in cybersecurity threats and the challenges for organisations to protect their information technology assets has made adherence to organisational security control processes and procedures a critical issue that needs to be adequately addressed. Drawing insight from organisational theory literature, we develop a multi-theory model, combining the elements of the theory of planned behaviour, competing value framework, and technology—organisational and environmental theory to examine how the organisational mechanisms interact with espoused cultural values and employee cognitive belief to influence cybersecurity control procedures. Using a structured questionnaire, we deployed structural equation modelling (SEM) to analyse the survey data obtained from public sector information technology organisations in Nigeria to test the hypothesis on the relationship of socio-organisational mechanisms and techno-cultural factors with other key determinants of employee security behaviour. The results showed that knowledge of cybersecurity and employee cognitive belief significantly influence the employees’ intentions to comply with organisational cybersecurity control mechanisms. The research further noted that the influence of organisational elements such as leadership on employee security behaviour is mediated by espoused cultural values while the impact of employee cognitive belief is moderated by security technologies. For effective cybersecurity compliance, leaders and policymakers are therefore to promote organisational security initiatives that ensure incorporation of cybersecurity principles and practices into job descriptions, routines, and processes. This study contributes to behavioural security research by highlighting the critical role of leadership and cultural values in fostering organisational adherence to prescribed security control mechanisms.
Journal
ACM Transactions on Management Information Systems (TMIS) – Association for Computing Machinery
Published: Feb 3, 2021
Keywords: Cybersecurity