Browse > Article
http://dx.doi.org/10.22156/CS4SMB.2020.10.09.123

A Study on Mitigation of Information Security Related Work Stress  

Hwang, Inho (Department of General Education, Kookmin University)
Publication Information
Journal of Convergence for Information Technology / v.10, no.9, 2020 , pp. 123-135 More about this Journal
Abstract
Recently organizations are implementing strict security policies and technologies to minimize security incidents. However, strict information security can cause work stress of employees and can make it difficult to achieve security goals. The purpose of this study is to present the preconditions for mitigating the negative impact of security-related work stress. We conducted a questionnaire survey of employees working in the financial industry and secured a total of 266 samples. The test of the research hypothesis was carried out by structural equation modeling. As a result, work stress had a negative effect on compliance intention, and value congruence reduced work stress. Also, security feedback had a moderating effect on the relationship between research factors. The results have theoretical and practical implications for mitigating work stress of employees.
Keywords
Information security compliance intention; Work ambiguity; Work conflict; Value congruence; Security feedback;
Citations & Related Records
Times Cited By KSCI : 2  (Citation Analysis)
연도 인용수 순위
1 T. Kim. (2018). Concern and Prediction for Future Information Security expected by IT Executives. Journal of Convergence for Information Technology, 8(6), 117-122. DOI : 10.22156/CS4SMB.2018.8.6.117   DOI
2 Statista. (2020) Information security technology market size 2016-2023. (Online) https://www.statista.com/statistics
3 Verizon. (2020), 2020 Data Breach Investigations Report.
4 K. D. Loch, H. H. Carr & M. E. Warkentin. (1992). Threats to information systems: Today's reality, yesterday's understanding. MIS Quarterly, 16(2), 173-186. DOI : 10.2307/249574.   DOI
5 J. D'Arcy, A. Hovav & D. Galletta. (2009). User awareness of security countermeasures and its impact on information systems misuse: A deterrence approach, Information Systems Research, 20(1), 79-98. DOI : 10.1287/isre.1070.0160.   DOI
6 I. Hwang, D. Kim, T. Kim & S. Kim. (2017). Why not comply with information security? An empirical approach for the causes of non-compliance, Online Information Review, 41(1), 1-17. DOI : 10.1108/OIR-11-2015-0358.
7 B. Bulgurcu, H. Cavusoglu & I. Benbasat. (2010). Information security policy compliance: An empirical study of rationality-based beliefs and information security awareness, MIS Quarterly, 34(3), 523-548.   DOI
8 S. Aurigemma & T. Mattson, (2017). Deterrence and punishment experience impacts on ISP compliance attitudes. Information and Computer Security, 25(4), 421-436. DOI : 10.1108/ICS-11-2016-0089.   DOI
9 I. Topa & M. Karyda. (2015, September). Identifying factors that influence employees' security behavior for enhancing ISP compliance. In International Conference on Trust and Privacy in Digital Business (pp. 169-179). Springer, Cham.
10 P. Jimenez, A. Dunkl & S. PeiBl. (2015). Workplace incivility and its effects on value congruence, recovery-stress-state and the intention to quit. Psychology, 6(14), 1930-1939. DOI : 10.4236/psych.2015.614190.   DOI
11 M. Siegall & T. McDonald. (2004). Person‐organization value congruence, burnout and diversion of resources. Personnel Review. 33(3), 291-301. DOI : 10.1108/00483480410528832.   DOI
12 B. E. Wright. (2004). The role of work context in work motivation: A public sector application of goal and social cognitive theories. Journal of Public Administration Research and Theory, 14(1), 59-78. DOI : 10.1093/jopart/muh004.   DOI
13 M. C. Andrews & K. M. Kacmar. (2001). Confirmation and extension of the sources of feedback scale in service-based organizations. The Journal of Business Communication, 38(2), 206-226. DOI : 10.1177/002194360103800204   DOI
14 M. A. Campion & R. G. Lord. (1982). A control systems conceptualization of the goal-setting and changing process. Organizational Behavior and Human Performance, 30(2), 265-287. DOI : 0.1016/0030-5073(82)90221-5.   DOI
15 B. McAfee, V. Quarstein & A. Ardalan. (1995). The effect of discretion, outcome feedback, and process feedback on employee job satisfaction. Industrial Management & Data Systems. 95(5), 7-12. DOI :10.1108/02635579510088128.   DOI
16 J. D'Arcy & P. L. Teh. (2019). Predicting employee information security policy compliance on a daily basis: The interplay of security-related stress, emotions, and neutralization. Information & Management, 56(7), 103151. DOI : 10.1016/j.im.2019.02.006.   DOI
17 J. Y. Son. (2011). Out of fear or desire? Toward a better understanding of employees' motivation to follow IS security policies. Information & Management, 48(7), 296-302. DOI : 10.1016/j.im.2011.07.002.   DOI
18 N. S. Safa, C. Maple, S. Furnell, M. A. Azad, C. Perera, M. Dabbagh & M. Sookhak. (2019). Deterrence and prevention-based model to mitigate information security insider threats in organizations. Future Generation Computer Systems, 97, 587-597. DOI : 10.1016/j.future.2019.03.024.   DOI
19 K. J. Knapp, R. F. Morris Jr, T. E. Marshall & T. A. Byrd. (2009). Information security policy: An organizational-level process model. Computers & security, 28(7), 493-508. DOI : 10.1016/j.cose.2009.07.001   DOI
20 I. Hwang & O. Cha. (2018). Examining technostress creators and role stress as potential threats to employees' information security compliance. Computers in Human Behavior, 81, 282-293. DOI : 10.1016/j.chb.2017.12.022.   DOI
21 I. Yun & J. Lee. (2016). An empirical study information security awareness of elderly welfare workers on security empowerment and information security behavior. Journal of Convergence for Information Technology, 6(4), 9-15. DOI : 10.22156/CS4SMB.2016.6.4.009.   DOI
22 Y. Chen, K. Ramamurthy & K. W. Wen. (2012). Organizations' information security policy compliance: Stick or carrot approach?. Journal of Management Information Systems, 29(3), 157-188. DOI : 10.2753/MIS0742-1222290305.   DOI
23 C. Fornell & D. F. Larcker. (1981). Evaluating structural equation models with unobservable variables and measurement error. Journal of Marketing Research, 18(1), 39-50. DOI: 10.2307/3151312.   DOI
24 A. H. .Hon, W. W. Chan & L. Lu. (2013). Overcoming work-related stress and promoting employee creativity in hotel industry: The role of task feedback from supervisor. International Journal of Hospitality Management, 33, 416-424. DOI : 10.1016/j.ijhm.2012.11.001.   DOI
25 J. C. Nunnally. (1978). Psychometric theory (2nd ed.). New York: McGraw-Hill.
26 B. H. Wixom & H. J. Watson. (2001). An empirical investigation of the factors affecting data warehousing success. MIS Quarterly, 25(1), 17-41. DOI : 10.2307/3250957.   DOI
27 P. S. Galluch, V. Grover & J. B. Thatcher. (2015). Interrupting the workplace: Examining stressors in an information technology context. Journal of the Association for Information Systems, 16(1), 1-47. DOI : 10.17705/1jais.00387.   DOI
28 I. Hwang, R. Wakefield, S. Kim & T. Kim. (2019). Security awareness: The first step in information security compliance behavior. Journal of Computer Information Systems, 1-12. DOI: 10.1080/08874417.2019.1650676
29 R. Ayyagari, V. Grover & R. Purvis. (2011). Technostress: Technological antecedents and implications. MIS Quarterly, 35(4), 831-858. DOI : 10.2307/41409963.   DOI
30 C. L. Cooper, P. J. Dewe & M. P. O'Driscoll. (2001). Organizational stress: A review and critique of theory, Research, and Applications. Sage.
31 D. F. Parker & T. A. DeCotiis. (1983). Organizational determinants of job stress. Organizational Behavior and Human Performance, 32(2), 160-177. DOI : 10.1016/0030-5073(83)90145-9.   DOI
32 J. D'Arcy, T. Herath & M. K. Shoss. (2014). Understanding employee responses to stressful information security requirements: A coping perspective. Journal of Management Information Systems, 31(2), 285-318. DOI : 10.2753/MIS0742-1222310210.   DOI
33 P. M. Podsakoff, S. B. MacKenzie, J. Y. Lee & N. P. 2Podsakoff. (2003). Common method biases in behavioral research: A critical review of the literature and recommended remedies. Journal of Applied Psychology, 88(5), 879-903. DOI : 10.1037/0021-9010.88.5.879.   DOI
34 G. C. Lin, Z. Wen, H. W. Marsh & H. S. Lin. (2010). Structural equation models of latent interactions: Clarification of orthogonalizing and double-mean-centering strategies. Structural Equation Modeling, 17(3), 374-391. DOI : 10.1080/10705511.2010.488999.   DOI
35 J. F. Dawson. (2014). Moderation in management research: What, why, when and how. Journal of Business and Psychology, 29, 1-19. DOI : 10.1007/s10869-013-9308-7.   DOI
36 M. Tarafdar, Q. Tu, B. S. Ragu-Nathan & T. S. Ragu-Nathan. (2007). The impact of technostress on role stress and productivity. Journal of Management Information Systems, 24(1), 301-328. DOI : 10.2753/MIS0742-1222240109.   DOI
37 M. Tarafdar, E. Bolman Pullins & T. S. Ragu-Nathan. (2014). Examining impacts of technostress on the professional salesperson's behavioral performance. Journal of Personal Selling and Sales Management, 34(1), 51-69. DOI : 10.1080/08853134.2013.870184.   DOI
38 S. Kim, J. Im & J. Hwang. (2015). The effects of mentoring on role stress, job attitude, and turnover intention in the hotel industry. International Journal of Hospitality Management, 48, 68-82. DOI : 10.1016/j.ijhm.2015.04.006.   DOI
39 Z. Yan, X. Guo, M. K. Lee & D. R. Vogel. (2013). A conceptual model of technology features and technostress in telemedicine communication. Information Technology & People, 26(3), 283-297. DOI : 10.1108/ITP-04-2013-0071.   DOI
40 J. R. Edwards & D. M. Cable, D. M. (2009). The value of value congruence. Journal of Applied Psychology, 94(3), 654. DOI : 10.1037/a0014891.   DOI
41 J. A. Chatman. (1989). Improving interactional organizational research: A model of person-organization fit. Academy of Management Review, 14(3), 333-349. DOI : 10.5465/amr.1989.4279063.   DOI
42 S. Valentine, L. Godkin & M. Lucero. (2002). Ethical context, organizational commitment, and person-organization fit. Journal of Business Ethics, 41(4), 349-360. DOI : 10.1023/A:1021203017316.   DOI
43 T. R. Tyler & S. L. Blader. (2005). Can businesses effectively regulate employee conduct? The antecedents of rule following in work settings. Academy of Management Journal, 48(6), 1143-1158. DOI : 10.5465/amj.2005.19573114.   DOI