School of Management, Xi'an University of Science and Technology, Xi'an 710054, China.
Research Center for Human Factors and Management Ergonomics, Xi'an University of Science and Technology, Xi'an 710054, China.
Int J Environ Res Public Health. 2022 Nov 30;19(23):16038. doi: 10.3390/ijerph192316038.
Employee security compliance behavior has become an important safeguard to protect the security of corporate information assets. Focusing on human factors, this paper discusses how to regulate and guide employees' compliance with information security systems through effective methods. Based on protection motivation theory (PMT), a model of employees' intention to comply with the information security system was constructed. A questionnaire survey was adopted to obtain 224 valid data points, and SPSS 26.0 was applied to verify the hypotheses underlying the research model. Then, based on the results of a regression analysis, fuzzy set qualitative comparative analysis (fsQCA) was used to explore the conditional configurations that affect employees' intention to comply with the information security system from a holistic perspective. The empirical results demonstrated that perceived severity, perceived vulnerability, response efficacy, and self-efficacy all positively influenced the employees' intention to comply with the information security system; while rewards and response costs had a negative effect. Threat appraisal had a greater effect on employees' intention to comply with the information security system compared to response appraisal. The fsQCA results showed that individual antecedent conditions are not necessary to influence employees' intention to comply with an information security system. Seven pathways exist that influence an employees' intention to comply with an information security system, with reward, self-efficacy, and response cost being the core conditions having the highest probability of occurring in each configuration of pathways, and with perceived severity and self-efficacy appearing in the core conditions of configurations with an original coverage greater than 40%. Theoretically, this study discusses the influence of the elements of PMT on employees' intention to comply with an information security system, reveals the mechanism of influence of the combination of the influencing factors on the outcome variables, and identifies the core factors and auxiliary factors in the condition configurations, providing a new broader perspective for the study of information security compliance behavior and providing some theoretical support for strengthening enterprise security management. Practically, targeted suggestions are proposed based on the research results, to increase the intention of enterprise employees to comply with information security systems, thereby improving the effectiveness of enterprise information security management and the degree of information security in enterprises.
员工安全合规行为已成为保护企业信息资产安全的重要保障。本文聚焦于人为因素,探讨如何通过有效方法规范和引导员工遵守信息安全系统。基于保护动机理论(PMT),构建了员工遵守信息安全系统意图的模型。通过问卷调查获得了 224 个有效数据点,并使用 SPSS 26.0 验证了研究模型的假设。然后,基于回归分析的结果,采用模糊集定性比较分析(fsQCA)从整体角度探讨影响员工遵守信息安全系统意图的条件组态。实证结果表明,感知严重性、感知脆弱性、应对效能和自我效能均正向影响员工遵守信息安全系统的意图,而奖励和应对成本则产生负向影响。威胁评估对员工遵守信息安全系统的意图的影响大于应对评估。fsQCA 的结果表明,个体前置条件并非影响员工遵守信息安全系统意图的必要条件。存在七种影响员工遵守信息安全系统意图的路径,奖励、自我效能和应对成本是每个路径配置中最有可能发生的核心条件,而感知严重性和自我效能则出现在配置核心条件中的概率大于 40%。理论上,本研究探讨了 PMT 要素对员工遵守信息安全系统意图的影响,揭示了影响因素组合对结果变量的影响机制,确定了条件组态中的核心因素和辅助因素,为信息安全合规行为的研究提供了新的更广泛视角,并为加强企业安全管理提供了一些理论支持。实际上,根据研究结果提出了有针对性的建议,以提高企业员工遵守信息安全系统的意愿,从而提高企业信息安全管理的有效性和企业的信息安全程度。
