Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables

Xiaofeng Chen,Dazhong Wu,Liqiang Chen,Joe K.L Teng

doi:10.1016/j.im.2018.05.011

Sanction severity and employees’ information security policy compliance: Investigating mediating, moderating, and control variables

Xiaofeng Chen, Dazhong Wu + Show 2 more

https://doi.org/10.1016/j.im.2018.05.011

Copy DOI

Journal: Information & Management	Publication Date: May 21, 2018
Citations: 63

Affiliation: Western Washington University, Loyola University Maryland, University of Wisconsin–Eau Claire, Troy University

#Information Security Policy Compliance #Information Security Policy + Show 8 more

Abstract
Full-Text PDF
Similar Papers

Abstract

Information security policy (ISP) plays a critical role in information systems security management. Past research using General Deterrence Theory (GDT) on employees’ compliance intention (CI) with ISP produced mixed results. We use survey data to investigate how other factors influence the relationship between sanction severity and employees’ CI. The results show that none of the investigated moderating variables interacts with sanction severity on employees’ ISP compliance intentions. However, the significant impact of sanction severity on employees’ ISP CI disappears when the investigated variables are included, and the impact of sanction severity is mediated by perceived efficacy and descriptive norm.

Full Text