Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/emerald-publishing/organisational-culture-procedural-countermeasures-and-employee-z044f6rLEn
References (65)
-
L. Porter, Grace McLaughlin (2006)
Leadership and the organizational context: Like the weather? ☆Leadership Quarterly, 17
-
R. Long (1978)
The Effects of Employee Ownership on Organizational Identification, Employee Job Attitudes, and Organizational Performance: A Tentative Framework and Empirical FindingsHuman Relations, 31
-
(1987)
Organizational Culture Inventory, Human Synergistics -
Impact of reward and recognition on job satisfaction and motivation: an empirical study from Pakistan
International Journal of Business and Management, 5
-
Vera Akafo, P. Boateng (2015)
Impact of Reward and Recognition on Job Satisfaction and MotivationEuropean Journal of Business and Management, 7
-
D. Straub, R. Welke (1998)
Coping With Systems Risk: Security Planning Models for Management Decision MakingMIS Q., 22
-
(1995)
The Institute for Employment Studies, Publisher: Microgen UK Ltd -
Jordan Barlow, Merrill Warkentin, Dustin Ormond, A. Dennis (2013)
Don't make excuses! Discouraging neutralization to reduce IT policy violationComput. Secur., 39
-
J. D'Arcy, A. Hovav (2007)
Deterring internal information systems misuseCommun. ACM, 50
-
Yajiong Xue, Huigang Liang, Liansheng Wu (2011)
Punishment, Justice, and Compliance in Mandatory IT SettingsInf. Syst. Res., 22
-
Managing organizational culture
Management Review, 69
-
(1985)
Shoplifting prevention: The role of communication-based intervention strategies -
Y. Chen, Kuang-Wei Wen, Y. Chen (2012)
Organizations' Information Security Policy Compliance: Stick or Carrot Approach?Journal of Management Information Systems, 29
-
Ken Guo (2013)
Security-related behavior in using information systems in the workplace: A review and synthesisComput. Secur., 32
-
J. Lim, Shanton Chang, S. Maynard, Atif Ahmad (2009)
Exploring the relationship between organizational culture and information security culture -
D. Straub, K. Loch, J. Evaristo, Elena Karahanna, Mark Srite (2002)
Toward a Theory-Based Measurement of CultureJ. Glob. Inf. Manag., 10
-
D. Straub (1990)
Effective IS Security: An Empirical StudyInf. Syst. Res., 1
-
K. Eisenhardt (1989)
Building theories from case study researchSTUDI ORGANIZZATIVI
-
A prototype tool for IS security awareness and training”
International Journal of Logistics and Information Management, 15
-
Z. Rashid, M. Sambasivan, Azmawani Rahman (2004)
The influence of organizational culture on attitudes toward organizational changeLeadership & Organization Development Journal, 25
-
M. Ferguson, M. Sheehan, J. Davey, B. Watson (1999)
Drink driving rehabilitation: The present context -
K. Azumi, W. Ouchi (1981)
Theory Z: How American Business Can Meet the Japanese Challenge.Administrative Science Quarterly, 27
-
(2010)
What information security rules and practices are used in your organisation -
Margaret Phillips (1994)
Industry Mindsets: Exploring the Cultures of Two Macro-Organizational SettingsOrganization Science, 5
-
C. Chipperfield, S. Furnell (2010)
From security policy to practice: Sending the right messagesComputer Fraud & Security, 2010
-
A. Strauss, B. Glaser (1967)
The Discovery of Grounded Theory -
J. D'Arcy, A. Hovav, D. Galletta (2009)
User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence ApproachInf. Syst. Res., 20
-
J. D'Arcy, Tejaswini Herath, Mindy Shoss (2014)
Understanding Employee Responses to Stressful Information Security Requirements: A Coping PerspectiveJournal of Management Information Systems, 31
-
P. Maykut, Richard Morehouse (1994)
Beginning Qualitative Research: A Philosophical and Practical Guide -
M. Siponen, M. Mahmood, Seppo Pahnila (2009)
Technical opinionAre employees putting your company at risk by not following information security policies?Communications of the ACM, 52
-
S. Malinconico (1984)
Managing Organizational Culture.Library Journal, 109
-
(1996)
What holds the modern company together? -
Rangarirai Matavire, I. Brown (2013)
Profiling grounded theory approaches in information systems researchEuropean Journal of Information Systems, 22
-
J. Bram, A. Kroeber, C. Kluckhohn, Wayne Untereiner, Alfred Meyer (1953)
Culture, a critical review of concepts and definitions -
P. Ifinedo (2014)
Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognitionInf. Manag., 51
-
Maurizio Cavallari (2012)
A Conceptual Analysis about the Organizational Impact of Compliance on Information Security Policy -
(1987)
Muscle-build the organisation -
Mark Chan, Irene Woon, A. Kankanhalli (2005)
Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant BehaviorJournal of Information Privacy and Security, 1
-
C. Vroom, R. Solms (2004)
Towards information security behavioural complianceComput. Secur., 23
-
G. Hofstede, G. Hofstede, M. Minkov (1991)
Cultures and Organizations: Software of the Mind -
Petri Puhakainen, M. Siponen (2010)
Improving Employees' Compliance Through Information Systems Security Training: An Action Research StudyMIS Q., 34
-
Social control
American Journal of Sociology, 1
-
R. Solms, S. Solms (2004)
From policies to cultureComput. Secur., 23
-
social control -
R. Danish, Ali Usman (2010)
Impact of Reward and Recognition on Job Satisfaction and Motivation: An Empirical Study from PakistanInternational Journal of Biometrics, 5
-
Punishment, justice, and compliance in mandatory IT settings
Information Security Research, 22
-
Burcu Bulgurcu, H. Cavusoglu, I. Benbasat (2010)
Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security AwarenessMIS Q., 34
-
M. Quazi (1993)
Effective drug-free workplace plan uses worker testing as a deterrent.Occupational health & safety, 62 6
-
Incapacitative Effects, A. Blumstein, Jacqueline Cohen, D. Nagin (1980)
Deterrence and incapacitation : estimating the effects of criminal sanctions on crime ratesContemporary Sociology, 9
-
Qing Hu, Tamara Dinev, Paul Hart, Donna Cooke (2012)
Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational CultureDecis. Sci., 43
-
Robert Crossler, Allen Johnston, P. Lowry, Qing Hu, Merrill Warkentin, R. Baskerville (2013)
Future directions for behavioral information security researchComput. Secur., 32
-
J. D'Arcy, Tejaswini Herath (2011)
A review and analysis of deterrence theory in the IS security literature: making sense of the disparate findingsEuropean Journal of Information Systems, 20
-
Qing Hu, Zhengchuan Xu, Tamara Dinev, Hong Ling (2011)
Does deterrence work in reducing information security policy abuse by employees?Communications of the ACM, 54
-
Managing your organization’s culture
The Nonprofit World Report, 3
-
T. Probst, Ty Brubaker (2001)
The effects of job insecurity on employee safety outcomes: cross-sectional and longitudinal explorations.Journal of occupational health psychology, 6 2
-
S. Furnell, M. Gennatou, P. Dowland (2002)
A prototype tool for information security awareness and trainingLogistics Information Management, 15
-
Y. Li, E. Hoffman (2018)
Information Security Policy ComplianceOther Topics Engineering Research eJournal
-
A. Hovav, J. D'Arcy (2012)
Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U.S. and South KoreaInf. Manag., 49
-
D. Leidner, Timothy Kayworth (2006)
Review: A Review of Culture in Information Systems Research: Toward a Theory of Information Technology Culture ConflictMIS Q., 30
-
Maged Ali, L. Brooks (2009)
A situated cultural approach for cross-cultural studies in ISJ. Enterp. Inf. Manag., 22
-
E. Albrechtsen (2007)
A qualitative study of users' view on information securityComput. Secur., 26
-
Sang Lee, Sang-Gun Lee, Sangjin Yoo (2004)
An integrative model of computer abuse based on social control and general deterrence theoriesInf. Manag., 41
-
Lijiao Cheng, Y. Li, Wenli Li, E. Holm, Qingguo Zhai (2013)
Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theoryComput. Secur., 39
-
Ken Guo, Yufei Yuan (2012)
The effects of multilevel sanctions on information security violations: A mediating modelInf. Manag., 49
-
Z. Kovacic (2005)
The Impact of National Culture on Worldwide eGovernment ReadinessInforming Sci. Int. J. an Emerg. Transdiscipl., 8
- Publisher
- Emerald Publishing
- Copyright
- Copyright © Emerald Group Publishing Limited
- ISSN
- 2056-4961
- DOI
- 10.1108/ICS-03-2017-0013
- Publisher site
- See Article on Publisher Site
Abstract
PurposeThis paper provides new insights about security behaviour in selected US and Irish organisations by investigating how organisational culture and procedural security countermeasures tend to influence employee security actions. An increasing number of information security breaches in organisations presents a serious threat to the confidentiality of personal and commercially sensitive data. While recent research shows that humans are the weakest link in the security chain and the root cause of a great portion of security breaches, the extant security literature tends to focus on technical issues.Design/methodology/approachThis paper builds on general deterrence theory and prior organisational culture literature. The methodology adapted for this study draws on the analytical grounded theory approach employing a constant comparative method.FindingsThis paper demonstrates that procedural security countermeasures and organisational culture tend to affect security behaviour in organisational settings.Research limitations/implicationsThis paper fills the void in information security research and takes its place among the very few studies that focus on behavioural as opposed to technical issues.Practical implicationsThis paper highlights the important role of procedural security countermeasures, information security awareness and organisational culture in managing illicit behaviour of employees.Originality/valueThis study extends general deterrence theory in a novel way by including information security awareness in the research model and by investigating both negative and positive behaviours.
Journal
Information and Computer Security – Emerald Publishing
Published: Jun 12, 2017