Factors influencing compliance with newly implemented information security policies

Jacques Ophoff, Mark Regensberg

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

As the value and risk associated with stored personal and financial information increases, information security has become an increasingly important focus for hotel owners and operators. Insider threat has become a key management issue, with employee adherence to information security policies considered by many researchers to present a critical challenge to organizations. To identify potential solutions to address this challenge, this research explores factors that contribute to information security policy compliance in a hotel environment, using the Control-Reactance Compliance Model. 156 employees of a national hotel group took part in a cross-sectional, survey-based study. Partial Least Squares Structured Equation Modelling (PLS-SEM) was used to analyze the reflective model for causal relationships between variables, with hotel specific covariates introduced to allow for multi-group analysis. The research provides practical insight into how aspects of both control theory and reactance theory affect information security policy compliance in hotel and above-property environments. There is support for the Control-Reactance Compliance Model in the hotel environment, with aspects of both control theory and reactance theory supported through statistically significant correlations with participants’ intention to comply with information security policies. This research provides practical insight into how both the manner and method of communication of information security policies may impact an employee’s intention to comply and highlights the significant influence of employee commitment to organizational change. While PLS-SEM has been widely used in behavioral information security research, this research is the first, as far as the authors are aware, to specifically consider the hotel environment. Additionally, the research establishes the generalizability of the Control-Reactance Compliance Model across different demographic and organizational contexts.
Original languageEnglish
Title of host publicationProceedings of 2019 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop
EditorsAnthony Vance
PublisherIFIP Working Group 8.11/11.13
Number of pages23
Publication statusPublished - 4 Oct 2019
Event2019 Dewald Roode Workshop on Information Systems Security Research - Bossier City, United States
Duration: 4 Oct 20195 Oct 2019
https://business.latech.edu/drw2019/

Conference

Conference2019 Dewald Roode Workshop on Information Systems Security Research
Abbreviated titleDRW 2019
CountryUnited States
CityBossier City
Period4/10/195/10/19
Internet address

    Fingerprint

Cite this

Ophoff, J., & Regensberg, M. (2019). Factors influencing compliance with newly implemented information security policies. In A. Vance (Ed.), Proceedings of 2019 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop [1] IFIP Working Group 8.11/11.13.