APJIS Asia Pacific Journal of Information Systems

???

The Journal for Information Professionals

Asia Pacific Journal of Information Systems (APJIS), a Scopus and ABDC indexed journal, is a
flagship journal of the information systems (IS) field in the Asia Pacific region.

ISSN 2288-5404 (Print) / ISSN 2288-6818 (Online)

Editor : Seung Hyun Kim

View full editorial board

menu05_sub01_ov.gif

Share this page

Current Issue

Date December 2023
Vol. No. Vol. 33 No. 4
DOI https://doi.org/10.14329/apjis.2023.33.4.863
Page 863~898
Title Investigate the Roles of Sanctions, Psychological Capital, and Organizational Security Resources Factors in Information Security Policy Violation
Author Ayman Hasan Asfoor, Hairoladenan kasim, Aliza Binti Abdul Latif, Fiza Binti Abdul Rahim
Keyword Violation of Information Security Policy, Psychological Capital, Organizational Punishment, Organizational Security Resource
Abstract Previous studies have shown that insiders pose risks to the security of organisations’ secret information. Information security policy (ISP) intentional violation can jeopardise organisations. For years, ISP violations persist despite organisations’ best attempts to tackle the problem through security, education, training and awareness (SETA) programs and technology solutions. Stopping hacking attempts e.g., phishing relies on personnel’s behaviour. Therefore, it is crucial to consider employee behaviour when designing strategies to protect sensitive data. In this case, organisations should also focus on improving employee behaviour on security and creating positive security perceptions. This paper investigates the role of psychological capital (PsyCap), punishment and organisational security resources in influencing employee behaviour and ultimately reducing ISP violations. The model of the proposed study has been modified to investigate the connection between self-efficacy, resilience, optimism, hope, perceived sanction severity, perceived sanction certainty, security response effectiveness, security competence and ISP violation. The sample of the study includes 364 bank employees in Jordan who participated in a survey using a self-administered questionnaire. The findings show that the proposed approach acquired an acceptable fit with the data and 17 of 25 hypotheses were confirmed to be correct. Furthermore, the variables self-efficacy, resilience, security response efficacy, and protection motivation directly influence ISP violations, while perceived sanction severity and optimism indirectly influence ISP violations through protection motivation. Additionally, hope, perceived sanction certainty, and security skills have no effect on ISP infractions that are statistically significant. Finally, self-efficacy, resiliency, optimism, hope, perceived severity of sanctions, perceived certainty of sanctions, perceived effectiveness of security responses, and security competence have a substantial influence on protection motivation.


Home     l      Site Map      l       Abstracting/Indexing      l      FAQ      l      Publisher      l       Contact Us     l       Admin Login

© 2013 The Korean Society of Management Information Systems. All rights reserved.