Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization

D’Arcy, John; Teh, Pei Lee

doi:10.1016/j.im.2019.02.006

Cited by 55 publications

(76 citation statements)

References 64 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…According to D'Arcy and Teh [18], employees respond to security-related stress with adverse emotional reactions which, in turn, increase neutralization of security policy violations and thereby decrease compliance behavior. Sommer et al [61] link negative emotions to decreases in resilience, whereas positive emotions strengthen resilience.…”

Section: Limitations and Future Workmentioning

confidence: 99%

How to Mitigate Security-Related Stress: The Role of Psychological Capital

Frank¹,

Kohn²

2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

In an organizational context, individuals are prone to feel stressed by overwhelming and complicated security requirements, which can result in noncompliance with security policies and guidelines. While previous research has mainly focused on identifying distinct dimensions of securityrelated stress (SRS) and their behavioral impact, this paper is the first to examine factors for mitigating SRS. A study with 150 participants reveals that psychological capital (PsyCap)-here comprising of domain-specific self-efficacy and resilience-may work as such a means as it significantly reduces perceived SRS. However, the positive effect of PsyCap diminishes when becoming a victim of cybercriminals. Said differently: victims displaying high or low PsyCap tend to feel more stress compared to non-victims. Our findings imply that organizations should invest in measures that help their employees to develop positive mental capabilities before experiencing an information security incident.

show abstract

Section: Limitations and Future Workmentioning

confidence: 99%

How to Mitigate Security-Related Stress: The Role of Psychological Capital

Frank¹,

Kohn²

2021

Proceedings of the Annual Hawaii International Conference on System Sciences

View full text Add to dashboard Cite

show abstract

“…Academic research has also been scarce about threat appraisal and how managers can address information security threats. The previous literature has repeatedly examined ISS-related employee behaviors, including adoption by employees of more secure behaviors, such as antivirus updates, backups ( Boss, Galletta, Lowry, Moody, & Polak, 2015 ) or behaviors related to compliance with ISS policies ( D’Arcy & Teh, 2020 ; Karjalainen, Sarker, & Siponen, 2019 ; Moody, Siponen, & Pahnila, 2018 ; Yazdanmehr & Wang, 2016 ) including theories such as deterrence theory ( Xu, Lu, & Hsu, 2020 ). The behavioral research has integrated threat appraisal as a particularly influencing construct to consider.…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Bring Your Own Device (BYOD) as reversed IT adoption: Insights into managers’ coping strategies

Barlette

Jaouen

Baillette

2021

International Journal of Information Management

View full text Add to dashboard Cite

Highlights This research explores the managers’ adaptation strategies resulting from BYOD usage by employees. The authors operationalize and enrich the coping model of user adaptation (CMUA). This research sheds light on the decisional processes in the adoption of coping strategies. The impact of the CMUA constructs varies according to the pre- or post-implementation period. This work helps managers for maximizing BYOD-related benefits and maintaining satisfactory corporate information security.

show abstract

“…The human factor in cybersecurity is frequently studied, for example, sources of stress related to compliance with security policies [10]. Another study [11] shows that some users tend to believe that security technology will protect them, regardless of their behavior.…”

Section: Related Workmentioning

confidence: 99%

Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study

Macák¹,

Bojnak²,

Bühnová³

2021

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

In our digital era, insider attacks are among the serious underresearched areas of the cybersecurity landscape. A significant type of insider attack is facilitated by employees without malicious intent. They are called unintentional perpetrators. We proposed mitigating these threats using a simulationgame platform to detect the potential attack vectors. This paper introduces and implements a scenario that demonstrates the usability of this approach in a case study. This work also helps to understand players' behavior when they are not told upfront that they will be a target of social engineering attacks. Furthermore, we provide relevant acquired observations for future research.

show abstract

Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization

Cited by 55 publications

References 64 publications

How to Mitigate Security-Related Stress: The Role of Psychological Capital

How to Mitigate Security-Related Stress: The Role of Psychological Capital

Bring Your Own Device (BYOD) as reversed IT adoption: Insights into managers’ coping strategies

Identification of Unintentional Perpetrator Attack Vectors using Simulation Game: A Case Study

Contact Info

Product

Resources

About