Advanced SearchSearch Tips
A Study on Employee`s Compliance Behavior towards Information Security Policy : A Modified Triandis Model
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
  • Journal title : Journal of Digital Convergence
  • Volume 14, Issue 4,  2016, pp.209-220
  • Publisher : The Society of Digital Policy and Management
  • DOI : 10.14400/JDC.2016.14.4.209
 Title & Authors
A Study on Employee`s Compliance Behavior towards Information Security Policy : A Modified Triandis Model
Kim, Dae-Jin; Hwang, In-Ho; Kim, Jin-Soo;
  PDF(new window)
Although organizations are providing information security policy, education and support to guide their employees in security policy compliance, accidents by non-compliance is still a never ending problem to organizations. This study investigates the factors that influence employees` information security policy compliance behavior using elements of Triandis model. We analyzed the relationships among Triandis model`s factors using PLS(Partial Least Squares). The result of the hypothesis tests shows that organization can induce individual`s information security policy compliance intention and behavior by information security policy and facilitating conditions that support it, and proves the importance of members` expected value, habit and affect about information security compliance. This study is significant in a way that it applies Triandis model in the field of information security, and presents direction for members` information security behavior, and will be able to provide measures to establish organization`s information security policy and increase members` compliance behavior.
Information Security Policy;Triandis Model;Social Factor;Individual Cognitive Factor;Compliance Intention;Compliance Behavior;
 Cited by
조직구성원의 정보보안 정책 준수의도: 계획된 행동이론, 목표설정이론, 억제이론의 적용,황인호;이혜영;

디지털융복합연구, 2016. vol.14. 7, pp.155-166 crossref(new window)
J. Han and Y. Kim, "Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior", Journal of Digital Convergence, Vol. 13, No. 8, pp. 133-144, 2015.

M. Yim, "A Path Way to Increase the Intention to Comply with Information Security Policy of Employees", Journal of Digital Convergence, Vol. 10, No. 10, pp. 119-128, 2012.

Verizon, 2015 Data Breach Investigations Report, 2015.

M. Yim and K. Han, "An Investigation of the Factors that Influence the Compliance to Information Security Policy : From Risk Compensation Theory", Journal of Digital Convergence, Vol. 11, No. 10, pp. 153-168, 2013.

J. Do and J. Kim, "A Study on Critical Success Factors for Enterprise Security Collaboration", Journal of Digital Convergence, Vol. 12, No. 10, pp.235-242, 2014.

M. Yim, "An Investigation of the Factors that Influence the Compliance to Information Security Policy: From Risk Compensation Theory", Journal of Digital Convergence, Vol. 11, No. 2, pp.19-32, 2013.

T. Jeong, M. Yim and J. Lee, "A Development of Comprehensive Framework for Continuous Information Security", Journal of Digital Convergence, Vol. 10, No. 2, pp.1-10, 2012.

R. M. Emerson, "Social Exchange Theory", Annual Review of Sociology, Vol. 2, pp. 335-362, 1976. crossref(new window)

L. D. Molm, "Structure, Action, and Outcomes: The Dynamics of Power in Social Exchange", American Sociological Review, Vol. 55, No. 3, pp. 427-447, 1990. crossref(new window)

C. A. Sims, "Implications of Rational Inattention", Journal of Monetary Economics, Vol. 50, No. 3, pp. 665-690, 2003. crossref(new window)

Q. Hu, Z. Xu, T. Dinev and H. Ling, "Does Deterrence Work in Reducing Information Security Policy Abuse by Employees?", Communications of the ACM, Vol. 54, No. 6, pp. 54-60, 2011.

A. R. Said, H. Abdullah, J. Uli and Z. A. Mohamed, "Relationship between Organizational Characteristics and Information Security Knowledge Management Implementation", Procedia-Social and Behavioral Sciences, Vol. 123, No. 20, pp. 433-443, 2014. crossref(new window)

S. Ernest Chang and C. S. Lin, "Exploring Organizational Culture for Information Security Management", Industrial Management & Data Systems, Vol. 107, No. 3, pp.438-458, 2007 crossref(new window)

H. C. Triandis, Values, Attitudes, and Interpersonal Behavior, in Nebraska Symposium on Motivation, 1979: Beliefs, Attitudes, and Values, Lincoln, NE: University of Nebraska Press, pp. 195-259, 1980.

B. Bulgurcu, H. Cavusoglu and I. Benbasat, "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness", MIS Quarterly, Vol. 34, No. 3, pp. 523-548, 2010. crossref(new window)

R. West, "The Psychology of Security", Communications of the ACM, Vol. 51, No. 4, pp. 34-40, 2008.

C. Park and M. Yim, "An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance", Journal of Digital Convergence, Vol. 10, No. 4, pp. 23-35, 2012.

J. D'Arcy, A. Hovav and D. Galletta, "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach", Information Systems Research, Vol. 20, No. 1, pp. 79-98, 2009. crossref(new window)

R. L. Thompson, C. H. Higgins and J. M. Howell, "Towards a Conceptual Model of Utilization", MIS Quarterly, Vol. 15, No. 1, pp. 125-43, 1991. crossref(new window)

M. K. Chang and W. Cheung, "Determinants of the Intention to Use Internet/WWW at Work: A Confirmatory Study", Information & Management, Vol. 39, No. 1, pp. 1-14, 2001. crossref(new window)

A. Vance, M. Siponen and S. Pahnila, "Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory", Information & Management, Vol. 49, No. 3, pp. 190-198, 2012. crossref(new window)

Y. Chen, K. Ramamurthy and K. W. Wen, "Organizations' Information Security Policy Compliance: Stick or Carrot Approach?", Journal of Management Information Systems, Vol. 29, No. 3, pp. 157-188, 2012. crossref(new window)

F. Bergeron, L. Raymond, S. Rivard and M. F. Gara, "Determinants of EIS Use: Testing a Behavioral Model", Decision Support Systems, Vol. 14, No. 2, pp. 131-46, 1995. crossref(new window)

M. Limayem, S. G. Hirt, "Force of Habit and Information Systems Usage: Theory and Initial Validation", Journal of Association for Information Systems, Vol. 4, pp. 65-97, 2003. crossref(new window)

C. Cheung and M. Limayem, "The Role of Habit in Information Systems Continuance: Examining the Evolving Relationship between Intention and Usage", Proceedings of the Twenty-Sixth International Conference on Information Systems, Las Vegas, pp. 471-482, 2005.

M. K. Chang, W. Cheung, C. H. Cheng, and J. H. Yeung, "Understanding ERP System Adoption from the Users' Perspective", International Journal of Production Economics, Vol. 113, No. 2, pp. 928-942, 2008. crossref(new window)

W. Cheung, M. K. Chang and V. S. Lai, "Prediction of Internet and World Wide Web Usage at Work: A Test of an Extend Triandis Model", Decision Support Systems, Vol. 30, No. 1, pp. 83-100, 2000. crossref(new window)

M. Fishbein and I. Ajzen, Belief, Attitude, Intention and Behavior: An Introduction to Theory and Research, Reading, MA: Addison-Wesley Publishing Company, 1975.

T. Herath and H. R. Rao, "Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness", Decision Support Systems, Vol. 47, No. 2, pp. 154-165, 2009. crossref(new window)

M. Siponen, S. Pahnila and M. A. Mahmood, "Compliance with Information Security Policies: An Empirical Investigation", Computer, Vol. 43, No. 2, pp. 64-71, 2010.

R. Von Solms, "Information Security Management: Why Standards are Important", Information Management & Computer Security, Vol. 7, No. 1, pp. 50-58, 1999. crossref(new window)

S. Lee, S. Lee and S. Yoo, "An Integrative Model of Computer Abuse Based on Social Control and General Deterrence Theories", Information & Management, Vol. 41, No. 6, pp. 707-718, 2004. crossref(new window)

C. T. Upfold and D. A. Sewry, "An Investigation of Information Security in Small and Medium Enterprises (SMEs) in the Eastern Cape", In: H. S. Venter, J. H. P. Eloff, L. Labuschagne, & M. M. Eloff (Eds.), Proceedings of the ISSA 2005 new knowledge today conference, 29 June-1 July 2005, South Africa, Article 082, pp.1-17, 2005.

J. G. Dawes, "Do Data Characteristics Change According to the Number of Scale Points Used? An Experiment Using 5 Point, 7 Point and 10 Point Scales", International Journal of Market Research, Vol. 51, No. 1, pp. 61-77. 2008.

M. Siponen, S. Pahnila and A. Mahmood, "Factors Influencing Protection Motivation and IS Security Policy Compliance", Innovations in Information Technology, pp. 1-5, 2006.

J. C. Nunnally, I. H. Bernstein, Psychometric Theory(3rd ed.), New York: McGraw-Hill, 1994.

C. Fornell and D. F. Larcker, "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error", Journal of Marketing Research, Vol. 18, No. 1, pp.39-50, 1981. crossref(new window)

M. Noh, K. Lee, S. Kim and G. Garrison, "Effect of Collectivism on Actual S-Commerce Use and the Moderating Effect of Price Consciousness", Journal of Electronic Commerce Research, Vol. 14, No. 3, pp. 244-260, 2013.

R. E. Walpole, R. H. Myers, S. L. Myers, and K. Ye, Probability and Statistics for Engineers and Scientists (Vol. 5). New York: Macmillan, 1993.

N. K. Malhotra, S. S. Kim and A. Patil, "Common Method Variance in IS Research: A Comparison of Alternative Approaches and a Reanalysis of Past Research", Management Science, Vol. 52, No. 12, pp. 1865-1883, 2006. crossref(new window)

P. A. Pavlou and M. Fygenson, "Understanding and Predicting Electronic Commerce Adoption: An Extension of the Theory of Planned Behavior", MIS Quarterly, Vol. 30, No. 1, pp. 115-144, 2006. crossref(new window)

P. Podsakoff, S. MacKenzie, J. Lee and N. Podsakoff, "Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies", Journal of Applied Psychology, Vol. 88, No. 5, pp. 879-903, 2003. crossref(new window)

H. Liang, N. Saraf, Q. Hu and Y. Xue, "Assimilation of Enterprise Systems: The Effect of Institutional Pressures and the Mediating Role of Top-Management", MIS Quarterly, Vol. 31, No. 1, pp. 59-87, 2007. crossref(new window)

L. J. Williams, J. R. Edwards and R. J. Vandenberg, "Recent Advances in Causal Modeling Methods for Organizational and Management Research", Journal of Management, Vol. 29, No. 6, pp. 903-936, 2003.

W. W. Chin, "Issues and Opinion on Structural Equation Modeling", MIS Quarterly, Vol. 22, No. 1, pp. 52-104, 1998.

M. Tenenhaus, V. E Vinzi, Y. M. Chatelin and C. Lauro, "PLS Path Modeling", Computational Statistics & Data Analysis, Vol. 48, No. 1, pp. 159-205, 2005. crossref(new window)