Advanced SearchSearch Tips
The Employee`s Information Security Policy Compliance Intention : Theory of Planned Behavior, Goal Setting Theory, and Deterrence Theory Applied
facebook(new window)  Pirnt(new window) E-mail(new window) Excel Download
  • Journal title : Journal of Digital Convergence
  • Volume 14, Issue 7,  2016, pp.155-166
  • Publisher : The Society of Digital Policy and Management
  • DOI : 10.14400/JDC.2016.14.7.155
 Title & Authors
The Employee`s Information Security Policy Compliance Intention : Theory of Planned Behavior, Goal Setting Theory, and Deterrence Theory Applied
Hwang, In-Ho; Lee, Hye-Young;
  PDF(new window)
In accordance with the increase of the importance of information security, organizations are making continuous investments to develop policies and adapt technology for information security. Organization should provide systemized support to enhance employees` security compliance intention in order to increase the degree of organization`s internal security. This research suggests security policy goal setting and sanction enforcement as a method to improve employees` security compliance in planning and enforcing organization`s security policy, and verifies the influencing relationship of Theory of Planned Behavior which explains employee`s security compliance intention. We use structural equation modeling to verify the research hypotheses, and conducted a survey on the employees of organization with information security policy. We verified the hypotheses based on 346 responses. The result shows that the degree of goal setting and sanction enforcement has positive influence on self-efficacy and coping efficacy which are antecedents that influence employees` compliance intention. As a result, this research suggested directions for strategic approach for enhancing employee`s compliance intention on organization`s security policy.
Theory of Planned Behavior;Goal Setting Theory;Information Security Compliance Intention;Security Policy Goal Setting Attitudes;Sanction;
 Cited by
Gartner, Gartner Says Worldwide Information Security Spending Will Grow Almost 8 Percent in 2014 as Organizations Become More Threat-Aware, 2014,

J. Han, and Y. Kim, "Investigating of Psychological Factors Affecting Information Security Compliance Intention: Convergent Approach to Information Security and Organizational Citizenship Behavior", Journal of Digital Convergence, Vol.13, No.8, pp.133-144, 2015.

T. Jeong, M. Yim, and J.Lee, "A Development of Comprehensive Framework for Continuous Information Security", Journal of Digital Convergence, Vol. 10, No. 2, pp.1-10, 2012.

Verizon, Verizon 2013 Data Breach Investigations Report, 2013.

C. Park, and M. Yim, "An Understanding of Impact of Security Countermeasures on Persistent Policy Compliance", Journal of Digital Convergence, Vol. 10, No. 4, pp. 23-35, 2012.

B. Bulgurcu, H. Cavusoglu, and I. Benbasat, "Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness", MIS Quarterly, Vol. 34, No. 3, pp.523-548, 2010. crossref(new window)

Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' Information Security Policy Compliance: Stick or Carrot Approach?", Journal of Management Information Systems, Vol. 29, No. 3, pp.157-188, 2012. crossref(new window)

J. D'Arcy, A. Hovav, and D. Galletta, "User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach", Information Systems Research, Vol. 20, No. 1, pp.79-98, 2009. crossref(new window)

T. Herath, and H. R. Rao, "Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness", Decision Support Systems, Vol. 47, No. 2, pp.154-165, 2009. crossref(new window)

Q. Hu, Z. Xu, T. Dinev, and H. Ling, "Does Deterrence Work in Reducing Information Security Policy Abuse by Employees?", Communications of the ACM, Vol. 54, No. 6, pp.54-60, 2011.

M. Siponen, S. Pahnila, and M. A. Mahmood, "Compliance with Information Security Policies: An Empirical Investigation", Computer, Vol. 43, No. 2, pp. 64-71, 2010.

A. Vance, M. Siponen, and S. Pahnila, "Motivating IS Security Compliance: Insights from Habit and Protection Motivation Theory", Information & Management, Vol. 49, No. 3, pp.190-198, 2012. crossref(new window)

E. A. Locke, and G. P. Latham, "Building a Practically Useful Theory of Goal Setting and Task Motivation: A 35-year Odyssey", American Psychologist, Vol. 57, No. 9, pp.705-717, 2002. crossref(new window)

B. E. Wright, and B. S. Davis, "Job Satisfaction in the Public Sector the Role of the Work Environment", The American Review of Public Administration, Vol. 33, No. 1, pp.70-90, 2003. crossref(new window)

R. West, "The Psychology of Security", Communications of the ACM, Vol. 51, No. 4, pp.34-40, 2008.

M. Yim, "A Path Way to Increase the Intention to Comply with Information Security Policy of Employees", Journal of Digital Convergence, Vol. 10, No. 10, pp.119-128, 2012.

D. Kim, I. Hwang, and J. Kim, "A Study on Employee's Compliance Behavior towards Information Security Policy : A Modified Triandis Model", Journal of Digital Convergence, Vol. 14, No. 4, pp.209-220, 2016.

J. Do, and J. Kim, "A Study on Critical Success Factors for Enterprise Security Collaboration", Journal of Digital Convergence, Vol. 12, No. 10, pp.235-242, 2014.

M. Yim, "An Investigation of the Factors that Influence the Compliance to Information Security Policy: From Risk Compensation Theory", Journal of Digital Convergence, Vol. 11, No. 2, pp.19-32, 2013.

I. Hwang, D. Kim, T. Kim, and J. Kim, "The Study about Security Compliance Intention and Knowledge of Employee based on Security Culture of Organization", Information Systems Review, Vol. 18, No. 1, pp.1-23, 2016.

I. Ajzen, "The Theory of Planned Behavior", Organizational Behavior and Human Decision Processes, Vol. 50, No. 2, pp.179-211, 1991. crossref(new window)

A. C. Johnston, and M. Warkentin, "Fear Appeals and Information Security Behaviors: An Empirical Study", MIS Quarterly, Vol. 34, No. 3, pp.549-566, 2010. crossref(new window)

N. S. Safa, M. Sookhak, R. Von Solms, S. Furnell, N. A. Ghani, and T. Herawan, "Information Security Conscious Care Behaviour Formation in Organizations", Computers & Security, Vol. 53, pp.65-78, 2015. crossref(new window)

T. Dugo, "The Insider Threat to Organizational Information Security: A Structural Model and Empirical Test", Auburn University, Auburn, AL, 2007.

W. R. Flores, and M. Ekstedt, "Shaping Intention to Resist Social Engineering through Transformational Leadership, Information Security Culture and Awareness", Computers & Security, Vol. 59, pp.26-44, 2016. crossref(new window)

P. Ifinedo, "Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory", Computers & Security, Vol. 31, No. 1, pp.83-95, 2012. crossref(new window)

E. A. Locke, and G. P. Latham, "New Directions in Goal Setting Theory", Current Directions in Psychological Science, Vol. 15, No. 5, pp.265-268, 2006. crossref(new window)

C. C. Pinder, Work Motivation in Organizational Behavior. Upper Saddle River, NJ: Prentice Hall, 1998.

R. D. Pritchard, S. D. Jones, P. L. Roth, K. K. Stuebing, and S. E. Ekeberg, "Effects of Group Feedback, Goal Setting, and Incentives on Organizational Productivity", Journal of Applied Psychology, Vol. 73, No. 2, pp.337-358, 1988. crossref(new window)

J. M. Diefendorff, and G. A. Seaton, Work Motivation. International Encyclopedia of the Social & Behavioral Sciences, 2nd edn. Elsevier, Oxford, pp.680-686, 2015.

R. Vollmeyer, B. D. Burns, and K. J. Holyoak, "The Impact of Goal Specificity on Strategy Use and the Acquisition of Problem Structure", Cognitive Science, Vol. 20, No. 1, pp.75-100, 1996. crossref(new window)

E. A. Locke, and G. P. Latham, "Work Motivation and Satisfaction: Light at the End of the Tunnel", Psychological Science, Vol. 1, No. 4, pp.240-246, 1990. crossref(new window)

A. Bandura, and D. Cervone, "Self-Evaluative and Self-Efficacy Mechanisms Governing the Motivational Effects of Goal Systems", Journal of Personality and Social Psychology, Vol. 45, No, 5, pp.1017-1028, 1983. crossref(new window)

K. H. Guo, Y. Yuan, N. P. Archer, and C. E. Connelly, "Understanding Nonmalicious Security Violations in the Workplace: A Composite Behavior Model", Journal of Management Information Systems, Vol. 28, No. 2, pp.203-236, 2011. crossref(new window)

J. Y. Son, "Out of Fear or Desire? Toward a Better Understanding of Employees' Motivation to Follow IS Security Policies", Information & Management, Vol. 48, No. 7, pp.296-302, 2011. crossref(new window)

Y. Chen, K. Ramamurthy, and K. W. Wen, "Organizations' Information Security Policy Compliance: Stick or Carrot Approach?", Journal of Management Information Systems, Vol. 29, No. 3, pp.157-188, 2012. crossref(new window)

N. S. Safa, and R. Von Solms, "An Information Security Knowledge Sharing Model in Organizations", Computers in Human Behavior, Vol. 57, pp.442-451, 2016. crossref(new window)

Y. Xue, H. Liang, and L. Wu, "Punishment, Justice, and Compliance in Mandatory IT Settings", Information Systems Research, Vol. 22, No. 2, pp.400-414, 2011. crossref(new window)

J. Zhang, B. J. Reithel, and H. Li, "Impact of Perceived Technical Protection on Security Behaviors", Information Management & Computer Security, Vol. 17, No. 4, pp.330-340, 2009. crossref(new window)

B. E. Wright, "The Role of Work Context in Work Motivation: A Public Sector Application of Goal and Social Cognitive Theories", Journal of Public Administration Research and Theory, Vol. 14, No. 1, pp.59-78, 2004. crossref(new window)

J. C. Nunnally, Psychometric theory (2nd ed.). New York: McGraw-Hill, 1978.

B. H. Wixom, and H. J. Watson, "An Empirical Investigation of the Factors Affecting Data Warehousing Success", MIS Quarterly, Vol. 25, No. 1, pp.17-41, 2001. crossref(new window)

C. Fornell, and D. F. Larcker, "Evaluating Structural Equation Models with Unobservable Variables and Measurement Error", Journal of Marketing Research, Vol. 18, No. 1, pp.39-50, 1981. crossref(new window)

H. H. Harman, Modern Factor Analysis, University of Chicago Press, 1976.

P. Podsakoff, S. MacKenzie, J. Lee, and N. Podsakoff, "Common Method Biases in Behavioral Research: A Critical Review of the Literature and Recommended Remedies", Journal of Applied Psychology, Vol. 88, No. 5, pp.879-903, 2003. crossref(new window)

L. J. Williams, and S. E. Anderson, "An Alternative Approach to Method Effects by Using Latent-Variable Models: Applications in Organizational Behavior Research", Journal of Applied Psychology, Vol. 79, No. 3, pp.323-331, 1994. crossref(new window)

E. T. Higgins, "Beyond Pleasure and Pain", American Psychologist, Vol. 52, No. 12, pp.1280-1300, 1997. crossref(new window)