Human Resource Management and Security Policy Compliance

Human Resource Management and Security Policy Compliance

Youngkeun Choi (Sangmyung University, Business School, Seoul, South Korea)
DOI: 10.4018/IJHCITP.2017070105

Abstract

Given the regulatory requirements imposed on organizations within numerous industries, research in the area of employee compliance with organizational security and privacy regulations remains necessary and highly desirable. Therefore, the objective of this study provides a unique framework for understanding the influence of HRM practices on individual security policy compliance outcomes. The unit of analysis for this research project is the individual employee of a bank organization. With the survey of 257 bank employees, a components-based approach to structural equation modeling was taken. The results of this study indicate that developmental-oriented appraisal, externally or internally equitable reward, selective staffing and training for career development are positively associated with employees' behavioral intent to comply security policy through their affective commitment.
Article Preview

Introduction

Most studies in information systems field have primarily focused on technical issues concerning the design and implementation of security subsystems (Choo, 2011). Some of the study in this area includes computer security behaviors including information security system management (Stanton 2005; Haufe et al., 2016). However, the respondents in these studies are typically IT administrators or top-level managers form IT governance (Dhillon & Torkzadeh, 2006; Dzombeta et al., 2014) rather than representatives from the end-user community. The fact that the respondents in prior studies were largely those responsible for setting up and running technical security initiatives raises the question of whether or not their views are likely to be representative of the organization as a whole (Finch et al. 2003). Recently, there has been some research on end-user policy compliance. In an empirical vein, D’Arcy and Hovav (2004) followed deterrence theory and developed a theoretical model that examines the effect of deterrent security countermeasures on the perceived certainty and severity of sanctions, which in turn, leads to IS misuse intentions. However, Willison and Warkentin (2016) finds that deterrence measures reduce computer abuse in organizations.

Social exchange theory (Blau, 1964; Homans, 1961) explained the motivation behind the attitudes and behaviors exchanged between individuals. Eisenberger et al. (1986) expanded this work by proposing and establishing that the theory of social exchange also explains aspects of the relationship between the organization and its employees. They noted that employees form general perceptions about the intentions and attitudes of the organization toward them from the policies and procedures enacted by individuals and agents of the organization, attributing human-like attributes to their employer on the basis of the treatment they receive. At this time, the positive and beneficial actions directed at employees by the organization and/or its representatives contribute to the establishment of high-quality exchange relationships that create obligations for employees to reciprocate in positive, beneficial ways (Grusky, 1996; Molm, 2000; 2003; Alge, Wiethoff, & Klein, 2003; Uhl-Bien & Maslyn, 2003; Tsui & Wang, 2002; Wang, Tsui, Zhang, & Ma, 2003).

Given the regulatory requirements imposed on organizations within numerous industries, research in the area of employee compliance with organizational security and privacy regulations remains necessary and highly desirable. Recent studies in this area, while continuing to develop our understanding of compliance motivation and behavioral factors leading to non-compliance, they have yet to consider the influence of social exchange relationships (Blau, 1964; Homans, 1961) in which employees operate and within which employees are expected to develop their individual capabilities toward and intentions about compliance.

Complete Article List

Search this Journal:
Reset
Open Access Articles: Forthcoming
Volume 10: 4 Issues (2019): Forthcoming, Available for Pre-Order
Volume 9: 4 Issues (2018): 3 Released, 1 Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing