Understanding employees’ information security–related stress and policy compliance intention: the roles of information security fatigue and psychological capital

Chen, Hao; Liu, Mengya; Lyu, Tu

doi:10.1108/ics-03-2022-0047

Cited by 8 publications

(15 citation statements)

References 47 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our study differs from the extant literature in proposing ISSR as a dynamic capability, which provides a basis to focus on the role of human factors in enabling and hampering an organization’s security posture. Factors such as IS fatigue and psychological capital (Chen et al ., 2022) have only recently emerged in related literature and, as far as we are aware, have not been explicitly considered as important in an organization’s ability to the resilient.…”

Section: Discussionmentioning

confidence: 99%

“…, 2021; Tu et al ., 2021). A few studies discuss the role of employees within organizations (Chen et al ., 2022; Jansen van Rensburg, 2021), firm characteristics (Tayaksi et al. , 2022), technology infrastructure of the firm, industry network features and characteristics of the security threat (Donalds and Osei-Bryson, 2020).…”

Section: Literature Reviewmentioning

confidence: 99%

“…Almomani et al, 2021;de Moura et al, 2021;Tu et al, 2021). A few studies discuss the role of employees within organizations (Chen et al, 2022;Jansen van Rensburg, 2021), firm characteristics (Tayaksi et al, 2022), technology infrastructure of the firm, industry network features and characteristics of the security threat (Donalds and Osei-Bryson, 2020). The literature, while providing an understanding of the relevant factors that affect security breaches, stops short of the security incident and rarely considers the capability of a firm to respond to or continue operations and thrive after the event.…”

Section: Security and Resiliencementioning

confidence: 99%

“…However, more and more, it has been realized that the socio part of the socio-technical systems is more important (Shih et al ., 2021; Stanton et al ., 2005; Yu et al ., 2021). Aspects relating to user behavior, mistakes and misuse often lead to security breaches more often than IT failures (Chen et al ., 2022; Crossler et al ., 2013; Evans et al ., 2019; Juma’h and Alnsour, 2021). Equally as important as prevention is an organization’s capability to react proactively to a breach and recover from it (Lee, 2021).…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Information systems security resilience as a dynamic capability

Goel

Russell

Williamson

et al. 2023

JEIM

View full text Add to dashboard Cite

PurposeWhile the idea of the resilience of information systems security exists, there is a lack of research that conceptualizes, defines and specifies a way to measure it as a dynamic capability. Drawing on relevant cybersecurity and dynamic capabilities literature, this study aims to define Information Systems Security Resilience (ISSR) as a “dynamic capability of a firm to respond to, and recover from, a security attack” and test it as a new construct.Design/methodology/approachThe authors employ a methodology including multiple phases to develop and test this construct of ISSR. The authors first interview senior managers from various organizations to establish the face validity of the construct; then develop and analyze a pilot survey for internal validity and reliability; and finally, design and deploy a field survey to test and externally validate the construct.FindingsThe authors conceptualize and define the construct of ISSR as a dynamic capability, develop a scale for its measurement and test it in a pilot and field survey. The construct is valid, and the measurement tool works. It demonstrates that resilience is something that is done, rather than had. As a capability, organizations need to track and measure ISSR, which is what this tool provides the ability to do.Originality/valueThis research contributes to the information systems and cybersecurity literature and offers valuable insights for organizations to manage their security effectively.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

Section: Security and Resiliencementioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Information systems security resilience as a dynamic capability

Goel

Russell

Williamson

et al. 2023

JEIM

View full text Add to dashboard Cite

show abstract

“…Table A1 shows that there are only a few studies that have investigated psychological capital in the information security context. Out of five studies, only two have identified a negative relationship between psychological capital and ISP compliance intention (Chen et al , 2022) and protection-motivated behaviors (Burns et al , 2017). In addition, no study has investigated factors that can improve psychological capital.…”

mentioning

confidence: 99%

The influence of organizational values on employee attitude and information security behavior: the mediating role of psychological capital

Riemenschneider

Burney

Bina

2023

ICS

View full text Add to dashboard Cite

Purpose With increased remote working, employers are concerned with employees’ commitment and compliance with security procedures. Through the lens of psychological capital, this study aims to investigate whether strong organizational values can improve employees’ commitment to the organization and security behaviors. Design/methodology/approach Using Qualtrics platform, the authors conducted an online survey. The survey participants are college-educated, full-time employees. The authors used structural equation modeling to analyze 289 responses. Findings The results indicate perceived importance of organizational values is associated with increased organizational commitment and information security behavior. The authors find that psychological capital partially mediates these relations suggesting that employees’ psychological capital effectively directs employees toward an affinity for the organization and information security behavior. The results highlight the importance of organizational values for improving security behavior and organizational commitment. Second, the results suggest that psychological capital is an effective mechanism for this influence. Finally, the authors find that individual differences (gender, organizational level and education) are boundary conditions on their findings, providing a nuanced view of their results and offering opportunities for further investigation. Originality/value To the best of the authors’ knowledge, this study is the first to explore organizational values in relation to information security behaviors. In addition, this study investigates the underlying mechanism of this relationship by showing psychological capital’s mediating role in this relationship. Therefore, the authors suggest organizations create a supportive environment that appreciates innovation, quality services, diversity and collaboration. Furthermore, organizations should communicate the importance of these values to their employees to motivate them to have a stronger affective commitment and a more careful set of security behaviors.

show abstract