Organization Deterrence And Information Security Policy Compliance

With the continuous popularization and extensive application of information technology and e-commerce in the organization,more and more organizations invest more technical resources in IT operations and information security management.This not only promotes the operation of the organization's business system,but also brings great convenience to the work of the organization's employees.At the same time,the hidden information security risks are increasing.Especially in recent years,infonnation security accidents caused by employees have become increasingly frequent,and employees'violation of information security policy has become a major threat to information security of organizations.Therefore,the management of employees' information security behavior and the promotion of employees' information security policy compliance have attracted extensive attention from the industry and academia.Previous studies on employee information security policy compliance have yielded fruitful results.According to the existing research results,most scholars combine the theories of organizational behavior,criminology and social psychology to study the factors that affect employees' information security policy compliance.Existing research shows that the leadership style of senior managers is a key factor influencing employees'willingness to comply with information security policies.Previous research Angle of view of information security behavior based on leadership styles too much focus on moral leadership style,but negative leadership style in the past research seldom consider,abusive supervision is a negative leadership style of the organization,whether it will affect employees' information security policy compliance,also has not yet come to the attention of scholars.In addition,organizational deterrence has been regarded as the primary way to effectively improve employees' willingness to comply with information security policies.However,in recent years,some empirical studies have found that organizational deterrence is not effective for all employees who violate the information security policy,and it will have different effects in different organizational situations.Therefore,whether abusive supervision can affect the relationship between organizational deterrence and employee information security policy compliance has not been empirically analyzed and tested.In view of this,based on the above two research gaps,it is necessary and of great practical significance to further explore the impact of organizational deterrence and abusive management on employees' willingness to comply with information security policies.This article are based on the deterrence theory and abusive supervision to study the employees' information security policy compliance intention,build a theoretical model to explore the abusive supervision for staff comply with information security policy will directly affect,and the abusive supervision on organizational deterrence and the regulation of relationships between employees comply with information security policy will effect,in order to further understand to follow the will of the key factors influence empl information security policy.This paper adopts the method of empirical research obtains 334 valid questionnaires from hotels in Dalian and Harbin by means of two-online questionnaire survey.By using SPSS and SmartPLS3.0 to conduct data analysis and hypothesis testing on the theoretical model,the following main conclusions are as follows:(1)As for employees' information security policy compliance,abusive supervision,as a negative leadership,has a significantly negative impact on it,and perceived deterrence certainty and perceived deterrence severity have a significant positive impact on it.(2)Abusive supervision moderates the relationship between organizational deterrence and employee information security policy compliance.Specifically,abusive supervision has a significantly positive moderating effect on the relationship between perceived deterrence severity and employees' information security policy compliance intention,but has no significant moderating effect on the relationship between perceived deterrence certainty and employees' information security policy compliance intention.(3)Information security awareness has a significantly positive impact on the certainty and severity of employees' perceived deterrence.With the improvement of information security awareness,perceived deterrence certainty and perceived deterrence severity will be significantly increased,which will further improve employees' information security policy compliance intention.The main innovations of this paper are as follows:(1)To some extent,this paper broadens the research on negative leadership style in the field of employee infomation security policy compliance.The research results reveal the negative relationship between abusive supervison and employees' information security policy compliance intention.(2)Based on previous studies,we found that organizational deterrence would affect employees' information security policy compliance,this study further found that abusive supervison would strengthen the binding effect of the perceived deterrence severity and the employees' information security policy compliance intention,which will provide a new perspective to explain the relationship between organization deterrence and employees'information security policy compliance intention.The results also suggest that organizations should encourage managers at all levels to adjust their leadership styles according to specific situations,use various organizational deterrence means appropriately,and create an atmosphere to stimulate employees'information security policy compliance.