Factors influencing compliance with newly implemented information security policies

Jacques Ophoff; Mark Regensberg

Factors influencing compliance with newly implemented information security policies

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

As the value and risk associated with stored personal and financial information increases, information security has become an increasingly important focus for hotel owners and operators. Insider threat has become a key management issue, with employee adherence to information security policies considered by many researchers to present a critical challenge to organizations. To identify potential solutions to address this challenge, this research explores factors that contribute to information security policy compliance in a hotel environment, using the Control-Reactance Compliance Model. 156 employees of a national hotel group took part in a cross-sectional, survey-based study. Partial Least Squares Structured Equation Modelling (PLS-SEM) was used to analyze the reflective model for causal relationships between variables, with hotel specific covariates introduced to allow for multi-group analysis. The research provides practical insight into how aspects of both control theory and reactance theory affect information security policy compliance in hotel and above-property environments. There is support for the Control-Reactance Compliance Model in the hotel environment, with aspects of both control theory and reactance theory supported through statistically significant correlations with participants’ intention to comply with information security policies. This research provides practical insight into how both the manner and method of communication of information security policies may impact an employee’s intention to comply and highlights the significant influence of employee commitment to organizational change. While PLS-SEM has been widely used in behavioral information security research, this research is the first, as far as the authors are aware, to specifically consider the hotel environment. Additionally, the research establishes the generalizability of the Control-Reactance Compliance Model across different demographic and organizational contexts.

Original language	English
Title of host publication	Proceedings of 2019 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop
Editors	Anthony Vance
Publisher	IFIP Working Group 8.11/11.13
Number of pages	23
Publication status	Published - 4 Oct 2019
Externally published	Yes
Event	2019 Dewald Roode Workshop on Information Systems Security Research - Bossier City, United States Duration: 4 Oct 2019 → 5 Oct 2019 https://business.latech.edu/drw2019/

Conference

Conference	2019 Dewald Roode Workshop on Information Systems Security Research
Abbreviated title	DRW 2019
Country/Territory	United States
City	Bossier City
Period	4/10/19 → 5/10/19
Internet address	https://business.latech.edu/drw2019/

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

https://ifip.byu.edu/2019/DRW2019_paper_9.pdfLicence: Unspecified

Jacques Ophoff
- j.ophoffabertay.acuk
- Division of Cybersecurity - Senior Lecturer
Person: Academic

Cite this

@inproceedings{0d39824e210a4498a012bf4d119936c4,

title = "Factors influencing compliance with newly implemented information security policies",

abstract = "As the value and risk associated with stored personal and financial information increases, information security has become an increasingly important focus for hotel owners and operators. Insider threat has become a key management issue, with employee adherence to information security policies considered by many researchers to present a critical challenge to organizations. To identify potential solutions to address this challenge, this research explores factors that contribute to information security policy compliance in a hotel environment, using the Control-Reactance Compliance Model. 156 employees of a national hotel group took part in a cross-sectional, survey-based study. Partial Least Squares Structured Equation Modelling (PLS-SEM) was used to analyze the reflective model for causal relationships between variables, with hotel specific covariates introduced to allow for multi-group analysis. The research provides practical insight into how aspects of both control theory and reactance theory affect information security policy compliance in hotel and above-property environments. There is support for the Control-Reactance Compliance Model in the hotel environment, with aspects of both control theory and reactance theory supported through statistically significant correlations with participants{\textquoteright} intention to comply with information security policies. This research provides practical insight into how both the manner and method of communication of information security policies may impact an employee{\textquoteright}s intention to comply and highlights the significant influence of employee commitment to organizational change. While PLS-SEM has been widely used in behavioral information security research, this research is the first, as far as the authors are aware, to specifically consider the hotel environment. Additionally, the research establishes the generalizability of the Control-Reactance Compliance Model across different demographic and organizational contexts.",

author = "Jacques Ophoff and Mark Regensberg",

year = "2019",

month = oct,

day = "4",

language = "English",

editor = "Anthony Vance",

booktitle = "Proceedings of 2019 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop",

publisher = "IFIP Working Group 8.11/11.13",

note = "2019 Dewald Roode Workshop on Information Systems Security Research, DRW 2019 ; Conference date: 04-10-2019 Through 05-10-2019",

url = "https://business.latech.edu/drw2019/",

}

Ophoff, J & Regensberg, M 2019, Factors influencing compliance with newly implemented information security policies. in A Vance (ed.), Proceedings of 2019 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop., 1, IFIP Working Group 8.11/11.13, 2019 Dewald Roode Workshop on Information Systems Security Research, Bossier City, Louisiana, United States, 4/10/19. <https://ifip.byu.edu/2019/DRW2019_paper_9.pdf>

TY - GEN

T1 - Factors influencing compliance with newly implemented information security policies

AU - Ophoff, Jacques

AU - Regensberg, Mark

PY - 2019/10/4

Y1 - 2019/10/4

N2 - As the value and risk associated with stored personal and financial information increases, information security has become an increasingly important focus for hotel owners and operators. Insider threat has become a key management issue, with employee adherence to information security policies considered by many researchers to present a critical challenge to organizations. To identify potential solutions to address this challenge, this research explores factors that contribute to information security policy compliance in a hotel environment, using the Control-Reactance Compliance Model. 156 employees of a national hotel group took part in a cross-sectional, survey-based study. Partial Least Squares Structured Equation Modelling (PLS-SEM) was used to analyze the reflective model for causal relationships between variables, with hotel specific covariates introduced to allow for multi-group analysis. The research provides practical insight into how aspects of both control theory and reactance theory affect information security policy compliance in hotel and above-property environments. There is support for the Control-Reactance Compliance Model in the hotel environment, with aspects of both control theory and reactance theory supported through statistically significant correlations with participants’ intention to comply with information security policies. This research provides practical insight into how both the manner and method of communication of information security policies may impact an employee’s intention to comply and highlights the significant influence of employee commitment to organizational change. While PLS-SEM has been widely used in behavioral information security research, this research is the first, as far as the authors are aware, to specifically consider the hotel environment. Additionally, the research establishes the generalizability of the Control-Reactance Compliance Model across different demographic and organizational contexts.

AB - As the value and risk associated with stored personal and financial information increases, information security has become an increasingly important focus for hotel owners and operators. Insider threat has become a key management issue, with employee adherence to information security policies considered by many researchers to present a critical challenge to organizations. To identify potential solutions to address this challenge, this research explores factors that contribute to information security policy compliance in a hotel environment, using the Control-Reactance Compliance Model. 156 employees of a national hotel group took part in a cross-sectional, survey-based study. Partial Least Squares Structured Equation Modelling (PLS-SEM) was used to analyze the reflective model for causal relationships between variables, with hotel specific covariates introduced to allow for multi-group analysis. The research provides practical insight into how aspects of both control theory and reactance theory affect information security policy compliance in hotel and above-property environments. There is support for the Control-Reactance Compliance Model in the hotel environment, with aspects of both control theory and reactance theory supported through statistically significant correlations with participants’ intention to comply with information security policies. This research provides practical insight into how both the manner and method of communication of information security policies may impact an employee’s intention to comply and highlights the significant influence of employee commitment to organizational change. While PLS-SEM has been widely used in behavioral information security research, this research is the first, as far as the authors are aware, to specifically consider the hotel environment. Additionally, the research establishes the generalizability of the Control-Reactance Compliance Model across different demographic and organizational contexts.

M3 - Conference contribution

BT - Proceedings of 2019 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop

A2 - Vance, Anthony

PB - IFIP Working Group 8.11/11.13

T2 - 2019 Dewald Roode Workshop on Information Systems Security Research

Y2 - 4 October 2019 through 5 October 2019

ER -

Factors influencing compliance with newly implemented information security policies

Abstract

Conference

UN SDGs

Access to Document

Fingerprint

Profiles

Jacques Ophoff

Cite this