Many organizations recognize that their employees, who are often considered the weakest link in information security, can also be great assets in the effort to reduce risk related to information ...security. Since employees who comply with the information security rules and regulations of the organization are the key to strengthening information security, understanding compliance behavior is crucial for organizations that want to leverage their human capital. This research identifies the antecedents of employee compliance with the information security policy (ISP) of an organization. Specifically, we investigate the rationality-based factors that drive an employee to comply with requirements of the ISP with regard to protecting the organization's information and technology resources. Drawing on the theory of planned behavior, we posit that, along with normative belief and self-efficacy, an employee's attitude toward compliance determines intention to comply with the ISP. As a key contribution, we posit that an employee's attitude is influenced by benefit of compliance, cost of compliance, and cost of noncompliance, which are beliefs about the overall assessment of consequences of compliance or noncompliance. We then postulate that these beliefs are shaped by the employee's outcome beliefs concerning the events that follow compliance or noncompliance: benefit of compliance is shaped by intrinsic benefit, safety of resources, and rewards, while cost of compliance is shaped by work impediment; and cost of noncompliance is shaped by intrinsic cost, vulnerability of resources, and sanctions. We also investigate the impact of information security awareness (ISA) on outcome beliefs and an employee's attitude toward compliance with the ISP. Our results show that an employee's intention to comply with the ISP is significantly influenced by attitude, normative beliefs, and self-efficacy to comply. Outcome beliefs significantly affect beliefs about overall assessment of consequences, and they, in turn, significantly affect an employee's attitude. Furthermore, ISA positively affects both attitude and outcome beliefs. As the importance of employees' following their organizations' information security rules and regulations increases, our study sheds light on the role of ISA and compliance-related beliefs in an organization's efforts to encourage compliance.
Social network theory has produced conflicting results regarding the link between different social network structures-bridging versus bonding-and idea generation. To address this conundrum, we ...conduct a naturally occurring quasi-experiment of 126 open and 108 closed groups within an Enterprise Social Media (ESM) system of a multinational enterprise. Our findings show that idea generation occurs when the type of social network structure-bridging or bonding-is matched to a group's openness or closedness, respectively. We further show that the reverse is counterproductive: when closed groups display bridging ties and open groups display bonding ties, idea generation is significantly undermined. Theoretically, these findings clarify the conditions and mechanisms by which both bridging and bonding can result in idea generation and provide a deeper understanding of the use of ESM for idea generation. Practically, our findings provide valuable and actionable insights regarding the use of ESM for idea generation in groups.
The proliferation of enterprise social media (ESM) has created opportunities for employees to self-organize around common goals or interests. However, little is known about the different user classes ...that exist in ESM and the factors that drive contributions to ESM communities. Using multilevel analyses of secondary data from the ESM of a global organization, we find that (1) although ESM communities reflect a core-periphery structure similar to that identified in other forms of online communities, nearly two-thirds of the users represent promoters-a distinct class of users who use the platform primarily to post promotional content without viewing existing content created by others; and (2) despite individual differences in user type, the actual contribution to an ESM community is the result of an intricate interaction between a user's disposition for participation and a set of group characteristics. Our findings suggest that recognizing the unique contribution patterns of different user groups is key to understanding participation in ESM communities.
Transparency—the observability of activities, behaviors, and performance—is often treated as a panacea
for modern management. Yet there is a conundrum in the literature, with some studies suggesting ...that
transparency may benefit group creativity and others suggesting that privacy may do so. A similar
conundrum exists regarding the effects of different social capital types—structural holes vs. network
cohesion—on group creativity. Enterprise social media (ESM) provide a unique opportunity to solve these
conundrums by allowing groups to be “transparent” (non-group members can observe and/or participate
in group activities) or “private” (group members and activities are hidden from the community) and
enabling groups to develop distinct social capital structures. Using data from 28,083 written interactions
produced by 109 transparent and 106 private groups in an ESM of a multinational design firm, we found
strong support for our contingency hypotheses that both transparent and private groups may produce high
levels of creative dialogues, yet in different forms. Specifically, expansion-focused creative dialogues—
those focused on combining or expanding existing concepts—emerge in transparent groups, but only
when the group’s social capital is characterized by structural holes. Conversely, we found that reframingfocused dialogues—those focused on challenging and rethinking—emerge in private groups but only
when the group’s social capital is characterized by network cohesion. Theoretically, these findings can
help to solve the conundrums in the literature on group creativity and shed light on the role of ESM use
in this context. Practically, our findings offer a critical reflection o contemporary initiatives for increasing
transparency, whether through physical design or digital transformation.
This study examines the relationship between the traits of a perfectionist personality and burnout. Perfectionists constantly set extremely high standards and make great efforts to achieve. In this ...regard, it can be stated that perfectionism is a concept that is closely related to burnout. The sample consisted of 158 employees working in a marble enterprise operating in the province of Burdur. As a result of the research, all hypotheses were supported. A statistically positive and significant relationship between the variables in the model was found. In other words, a significant and positive relationship was found between self-oriented perfectionism and emotional exhaustion, depersonalization, and personal accomplishment, which are the sub-scales of burnout.
It has been widely known that employees pose insider threats to the information and technology resources of an organization. In this paper, we develop a model to explain insiders' intentional ...violation of the requirements of an information security policy. We propose sunk cost as a mediating factor. We test our research model on data collected from three information-intensive organizations in banking and pharmaceutical industries (n=502). Our results show that sunk cost acts as a mediator between the proposed antecedents of sunk cost (i.e., completion effect and goal in congruency) and intentions to violate the ISP. We discuss the implications of our results for developing theory and for re-designing current security agendas that could help improve compliance behavior in the future.
This paper investigates the impact of the characteristics of information security policy (ISP) on an employee's security compliance in the workplace. Two factors were proposed as the antecedents of ...employees' security compliance: ISP Fairness and ISP Quality. ISP Quality is comprised of three quality dimensions--Clarity, Completeness, and Consistency. It is shown that ISP fairness has a strong positive effect on an employee's ISP Compliance. In addition, it is found that ISP quality does not only have a strong positive influence on an employee's ISP compliance but also have a strong influence on an employee's perceived ISP fairness. This study contributes to the literature by highlighting the importance of ISP characteristics; namely, ISP quality and ISP fairness as an organizational resource to enhance an organization's information security.
There is a perceived disconnect between how ad hoc industry solutions and academic research solutions in cyber security are developed and applied. Why is that? Is there a difference in philosophy in ...how solutions to cyber security problems are developed by industry and by academia? What could academia and industry do to bridge this gap and speed up the development and use of effective cybersecurity solutions? This position paper provides an overview of the most critical gaps and solutions identified by an interdisciplinary expert exchange on the topic. The discussion was held in the form of the webinar "Bridging the Bubbles: Connecting Academia and Industry in Cybersecurity Research" in November 2022 as part of the Rogers Cybersecure Catalyst webinar series. Panelists included researchers from academia and industry as well as experts from industry and business development. The key findings and recommendations of this exchange are supported by the relevant scientific literature on the topic within this paper. Different approaches and time frames in development and lifecycle management, challenges in knowledge transfer and communication as well as heterogeneous metrics for success in projects are examples of the evaluated subject areas.