Stress-based security compliance model - An exploratory study

Hiep Cong Pham, Jamal El-Den, Joan Richardson

    Research output: Contribution to journalArticle

    Abstract

    Purpose: This paper aims to extend current information security compliance research by adapting "work-stress model" of the extended Job Demands-Resources model to explore how security compliance demands, organization and personal resources influence end-user security compliance. The paper proposes that security compliance burnout and security engagement as the mediating factors between security compliance demands, organizational and personal resources and individual security compliance. 

    Design/methodology/approach: The authors used a multi-case in-depth interview method to explore the relevance and significance of security demands, organizational resources and personal resources on security compliance at work. Seventeen participants in three organizations including a bank, a university and an oil distribution company in Vietnam were interviewed during a four-month period. Findings - The study identified three security demands, three security resources and two aspects of personal resources that influence security compliance. The study demonstrates that the security environment factors such as security demands and resources affected compliance burden and security engagement. Personal resources could play an integral role in moderating the impact of security environment on security compliance.

    Research limitations/implications: The findings presented are not generalizable to the wider population of end-users in Vietnam due to the small sample size used in the interviews. Further quantitative studies need to measure the extent of each predictor on security compliance. 

    Originality/value: The originality of the research stems from proposing not only stress-based but also motivating factors from the security environment on security compliance. By using qualitative approach, the study provides more insight to understand the impact of the security environments on security compliance.

    Original languageEnglish
    Pages (from-to)326-347
    Number of pages22
    JournalInformation and Computer Security
    Volume24
    Issue number4
    DOIs
    Publication statusPublished - 2016

    Fingerprint Dive into the research topics of 'Stress-based security compliance model - An exploratory study'. Together they form a unique fingerprint.

  • Cite this