Past research suggests that the demands of information security policies (ISPs) cause stress upon employees, leading them to violate the policies. It emphasises the distress process but overlooks a possible positive process that may arise from the ISP demands (i.e., the eustress process) and motivate employees to reduce ISP violations. This study explores both the distress and eustress processes. It proposes that the challenge and hindrance aspects of ISP demands induce these processes and subsequently affect ISP violations. Besides, employees' ISP-related self-efficacy may facilitate or impede these processes. To test the research model, a survey was conducted on 375 employees in the U.S. The results show that the challenge aspect of ISP demands elicits a positive psychological response of employees, which in turn triggers their planful problem-solving to deal with these demands. In contrast, the hindrance aspect of ISP demands provokes a negative psychological response that triggers employees' wishful thinking about ISP demands. Meanwhile, employees' self-efficacy strengthens the effect of positive psychological response on planful problem-solving. Subsequently, planful problem-solving reduces employees' intention to violate the ISP, while wishful thinking increases their intention. This dual-process view sheds new light on the connection between ISP demands and ISP violation intention.
The development of an information security policy involves more than mere policy formulation and implementation. Unless organisations explicitly recognise the various steps required in the development of a security policy, they run the risk of developing a policy that is poorly thought out, incomplete, redundant and irrelevant, and which will not be fully supported by the users. This paper argues that an information security policy has an entire life cycle through which it must pass during its useful lifetime. A formal content analysis of information security policy development methods was conducted using secondary sources. Based on the results of the content analysis, a conceptual framework was subsequently developed. The proposed framework outlines the various constructs required in the development and implementation of an effective information security policy. In the course of this study, a survey of 310 security professionals was conducted in order to validate and refine the concepts contained in the key component of the framework: the ISPDLC.
• An organization with proficient information security controls achieves better compliance, which leads to a decrease in computer based occupational fraud.
• Information security control proficiency (ISCP) is a function of the quality of information security policy and its enforcement. Effective integration of these two aspects contributes to enhancing information security policy compliance.
As more business processes and information assets are digitized, computer resources are increasingly being misused to perpetrate fraudulent activities. Research shows that fraud committed by (or with) trusted insiders (called occupational fraud or internal organizational fraud) is responsible for significantly more damage than that committed by external actors (for example, cyber fraud). Current fraud research has primarily focused on the person perpetuating the fraud instead of the internal mechanisms organizations can employ in reducing fraud. The study examines the relationship between compliance with organizations' technology controls (primarily focused on information security) and its impact on computer-based occupational fraud. Based on general deterrence and fraud triangle theories, the study proposes information security control proficiency (ISCP) modeled as an integration of the quality of information security policy and its enforcement as a key factor that influences information security policy compliance. We further postulate that compliance with information security policy mediates the relationship between information security control proficiency and computer-based-occupational fraud. Empirical assessment supports the structure of the information security control proficiency construct. Model testing shows that information security control proficiency positively impacts information security policy compliance, which further deters the use of a company's computer systems and resources to conduct fraudulent activities. Thus, if an organization establishes high-quality information security policies and supports the policies with effective enforcement, it correspondingly leads to better compliance. Furthermore, less fraud is committed when compliance with information security controls is high. We offer various managerial implications and future research extension ideas.
We use coping theory to explore an underlying relationship between employee stress caused by burdensome, complex, and ambiguous information security requirements (termed "security-related stress" or SRS) and deliberate information security policy (ISP) violations. Results from a survey of 539 employee users suggest that SRS engenders an emotion-focused coping response in the form of moral disengagement from ISP violations, which in turn increases one's susceptibility to this behavior. Our multidimensional view of SRS (comprised of security-related overload, complexity, and uncertainty) offers a new perspective on the workplace environment factors that foster noncompliant user behavior and inspire cognitive rationalizations of such behavior. The study extends technostress research to the information systems security domain and provides a theoretical framework for the influence of SRS on user behavior. For practitioners, the results highlight the incidence of SRS in organizations and suggest potential mechanisms to counter the stressful effects of information security requirements.
This cutting-edge book explores the practices and socialization of the everyday foreign policy making in the European Union (EU), focusing on the individuals who shape and implement the Common Foreign and Security Policy despite a growing dissension among member states. The authors provide theoretically informed analyses based on up-to-date empirical material from the Political and Security Committee, Council working groups, the European External Action Service, EU delegations, military and civilian missions and operations and EU member state embassies. They illustrate the ways in which European foreign policy is shaped through the daily work of diplomats, exploring the communities of practice that are formed in the process of policy-making in the EU. Combining socialization and practice approaches, the book offers an innovative take on the motivations behind integration at a time of European discord. Providing a unique inside account of diplomatic practices and the coordination of EU foreign policy, this insightful book is crucial reading for students of political science and international relations at all levels seeking to better understand the minutiae of formulating and coordinating EU foreign and security policy. Its empirical analyses will also benefit scholars and researchers interested in European integration and socialization in international organizations, as well as practitioners, such as diplomats and European civil servants.
Gulf stability is coming to play a larger role in the foreign policy calculus of many states, but the evolving role of Asian powers is largely under-represented in the International Relations literature. This volume addresses this gap with a set of empirically rich, theory driven case studies written by academics from or based in the countries in question. The underlying assumption is not that Asian powers have already become important security actors in the Gulf, but rather that they perceive the Gulf as a region of increasing strategic relevance. How will leaders in these countries adjust to an evolving regional framework? Will there be coordinated efforts to establish an Asian-centered approach to Gulf stability, or will Asian rivalries make the region a theater of competition? Will US–China tensions force alignment choices among Asian powers? Will Asian states balance, bandwagon, hedge, or adopt some other approach to their Gulf relationships? These questions become even more important as the western boundaries of Asia increasingly come to incorporate the Middle East. The book will appeal to scholars and students in the fields of International Relations, Security Studies, and International Political Economy, as well as area specialists on the Gulf and those working on foreign policy issues on each of the Asian countries included. Professionals in government and non-government agencies will also find it very useful.
Japan is emerging as a more prominent global and regional military power, defying traditional categorisations of a minimalist contribution to the US-Japan alliance, maintaining anti-militarism, seeking an internationalist role, or carving out more strategic autonomy. Instead, this Element argues that Japan has fundamentally shifted its military posture over the last three decades and traversed into a new categorisation of a more capable military power and integrated US ally. This results from Japan's recognition of its fundamentally changing strategic environment that requires a new grand strategy and military doctrines. The shift is traced across the national security strategy components of Japan Self-Defence Forces' capabilities, US-Japan alliance integration, and international security cooperation. The Element argues that all these components are subordinated inevitably to the objectives of homeland security and re-strengthening the US-Japan alliance, and thus Japan's development as international security partner outside the ambit of the bilateral alliance remains stunted. This title is also available as Open Access on Cambridge Core.
The proliferation of the Bring Your Own Device (BYOD) policy has instigated a widespread change across organizations. However, employees' compliance toward BYOD security policy remains a challenge. Building on the organizational control, security culture, and social cognitive theory, a research framework for analyzing BYOD security policy compliance factors was developed in this study. To validate the framework, 346 responses were obtained from three Critical National Information Infrastructure (CNII) agencies. Using Partial Least Square-Sequential Equation Modelling (PLS-SEM), the study confirmed that perceived mandatoriness, self-efficacy, and psychological ownership are influential in predicting BYOD security policy compliance. Specification of policy is associated with perceived mandatoriness. Self-efficacy is associated with both BYOD IT support and SETA. Further, security culture was found to have no significant relationship with BYOD security policy compliance.
The legitimate use of force is generally presumed to be the realm of the state. However, the flourishing role of the private sector in security over the last twenty years has brought this into question. In this book Deborah Avant examines the privatization of security and its impact on the control of force. She describes the growth of private security companies, explains how the industry works, and describes its range of customers – including states, non-government organisations and commercial transnational corporations. She charts the inevitable trade-offs that the market for force imposes on the states, firms and people wishing to control it, suggests a new way to think about the control of force, and offers a model of institutional analysis that draws on both economic and sociological reasoning. The book contains case studies drawn from the US and Europe as well as Africa and the Middle East.