ABSTRACT

Previous research indicated security-related stress at the workplace accounts for employee non-compliant behavior with information security policy (ISP). Drawing on the role theory, we investigate stress rooted in employee job role expectations arising from role-ambiguity, role-conflict, and role-overload known as role-stressors. These role-stressors cause employees to endeavor to perform their role tasks and, in turn, provide favorable situations for them to neglect ISP requirements. Using a survey of 350 employees, we found a combination of role-stressors contributes to employees’ ISP violations. Furthermore, we posit that this relationship is partially mediated by organizational commitment. Also, we examined the effect of one mitigating factor: organizational support. However, a statistically significant mitigation effect of organizational support was not found on the relationship between role stress and intention toward ISP compliant behavior. This paper contributes to the behavioral information security literature by demonstrating the importance of role-stressors on employees’ security-related behaviors.

摘要

先前的研究表明，工作场所与安全相关的压力是员工不遵守信息安全政策 (ISP) 的行为。借鉴角色理论，我们调查了源于员工工作角色期望的压力，这些压力源于角色模糊、角色冲突和角色超载，称为角色压力源。这些角色压力因素导致员工努力执行他们的角色任务，反过来又为他们忽视 ISP 要求提供了有利条件。通过对 350 名员工的调查，我们发现角色压力因素的组合导致员工违反 ISP。此外，我们假设这种关系部分是由组织承诺调节的。此外，我们还研究了一个缓解因素的影响：组织支持。然而，没有发现组织支持对角色压力与 ISP 遵从行为意图之间的关系具有统计学意义的缓解作用。本文通过展示角色压力源对员工安全相关行为的重要性，为行为信息安全文献做出了贡献。