As the value and risk associated with stored personal and financial information increases, information security has become an increasingly important focus for hotel owners and operators. Insider threat has become a key management issue, with employee adherence to information security policies considered by many researchers to present a critical challenge to organizations. To identify potential solutions to address this challenge, this research explores factors that contribute to information security policy compliance in a hotel environment, using the Control-Reactance Compliance Model. 156 employees of a national hotel group took part in a cross-sectional, survey-based study. Partial Least Squares Structured Equation Modelling (PLS-SEM) was used to analyze the reflective model for causal relationships between variables, with hotel specific covariates introduced to allow for multi-group analysis. The research provides practical insight into how aspects of both control theory and reactance theory affect information security policy compliance in hotel and above-property environments. There is support for the Control-Reactance Compliance Model in the hotel environment, with aspects of both control theory and reactance theory supported through statistically significant correlations with participants’ intention to comply with information security policies. This research provides practical insight into how both the manner and method of communication of information security policies may impact an employee’s intention to comply and highlights the significant influence of employee commitment to organizational change. While PLS-SEM has been widely used in behavioral information security research, this research is the first, as far as the authors are aware, to specifically consider the hotel environment. Additionally, the research establishes the generalizability of the Control-Reactance Compliance Model across different demographic and organizational contexts.
|Title of host publication||Proceedings of 2019 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop|
|Publisher||IFIP Working Group 8.11/11.13|
|Number of pages||23|
|Publication status||Published - 4 Oct 2019|
|Event||2019 Dewald Roode Workshop on Information Systems Security Research - Bossier City, United States|
Duration: 4 Oct 2019 → 5 Oct 2019
|Conference||2019 Dewald Roode Workshop on Information Systems Security Research|
|Abbreviated title||DRW 2019|
|Period||4/10/19 → 5/10/19|
Ophoff, J., & Regensberg, M. (2019). Factors influencing compliance with newly implemented information security policies. In A. Vance (Ed.), Proceedings of 2019 IFIP 8.11/11.13 Dewald Roode Information Security Research Workshop  IFIP Working Group 8.11/11.13.