Information security in an organization largely depends on employee compliance with information security policy (ISP). Previous studies have mainly explored the effects of command‐and‐control and self‐regulatory approaches on employee ISP compliance. However, how social influence at both individual and organizational levels impacts the effectiveness of these two approaches has not been adequately explored. This study proposes a social contingency model in which a rules‐oriented ethical climate (employee perception of a rules‐adherence environment) at the organizational level and susceptibility to interpersonal influence (employees observing common practices via peer interactions) at the individual level interact with both command‐and‐control and self‐regulatory approaches to affect ISP compliance. Using employee survey data, we found that these two social influence factors weaken the effects of both command‐and‐control and self‐regulatory approaches on ISP compliance. Theoretical and practical implications are also discussed.

中文翻译：

---

对等事项：社会影响对信息安全策略合规性的调节作用

组织中的信息安全在很大程度上取决于员工是否遵守信息安全策略（ISP）。以前的研究主要探讨了命令控制和自我调节方法对员工ISP合规性的影响。但是，尚未充分探讨在个人和组织层面的社会影响如何影响这两种方法的有效性。这项研究提出了一种社会应急模型，在这种模型中，组织层面的规则导向的道德氛围（员工对规则遵守环境的感知）和人际交往的易感性（员工通过同伴互动观察共同做法的敏感性）与两者互动影响ISP合规性的命令和控制以及自我调节方法。使用员工调查数据，我们发现这两个社会影响因素削弱了命令控制和自我监管方法对ISP合规性的影响。还讨论了理论和实践意义。