nach oben

Information Systems Frontiers

Erschienen in:

01.06.2022

An Investigation of the Factors that Influence Job Performance During Extreme Events: The Role of Information Security Policies

verfasst von: Victoria Kisekka, Sanjay Goel

Erschienen in: Information Systems Frontiers | Ausgabe 4/2023

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Diligent compliance with Information security Policies (ISP) can effectively deter threats but can also adversely impact organizational productivity, impeding organizational task completion during extreme events. This paper examines employees’ job performance during extreme events. We use the conservation of resources (COR) theory to examine how psychological resources (individual resilience, job meaningfulness, self-efficacy) and organizational resources (incident command leadership, information availability, and perceived effectiveness of security and privacy controls) influence ISP compliance decisions and job performance during extreme events. The results show that a one-size-fits-all approach to ISP is not ideal during extreme events; ISP can distract employees from critical job tasks. We also observed that under certain conditions, psychological resources, such as individual resilience, are reserved for job performance, while others, such as self-efficacy, are reserved for ISP compliance. A post hoc analysis of data from respondents who experienced strain during a real extreme event while at work was conducted. Our discussion provides recommendations on how security and privacy policies can be designed to reflect disaster conditions by relaxing some policy provisions.

Vorheriger Artikel A Meta-Analytic Structural Equation Model for Understanding Social Commerce Adoption

Nächster Artikel The Role of Sentiment Tendency in Affecting Review Helpfulness for Durable Products: Nonlinearity and Complementarity

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

Ab Rahman, N. H., and Choo, K.-K. R. (2015). A Survey of Information Security Incident Handling in the Cloud. Computers & Security (49): 45–69.

Abramson, D. M., & Redlener, I. (2012). Hurricane Sandy: Lessons Learned, Again. Disaster Medicine and Public Health Preparedness, 6(4), 328–329.CrossRef

Ahmad, A., Hadgkiss, J., & Ruighaver, A. B. (2012). Incident Response Teams-Challenges in Supporting the Organisational Security Function. Computers & Security, 31(5), 643–652.CrossRef

Ahmad, A., Maynard, S. B., & Shanks, G. (2015). A Case Analysis of Information Systems and Security Incident Responses. International Journal of Information Management, 35(6), 717–723.CrossRef

Ajzen, I. (1985). From Intentions to Actions: A Theory of Planned Behavior, in Action Control: From Cognition to Behavior, J. Kuhl and J. Beckmann (eds.). Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 11–39.

Ajzen, I. (1991). The Theory of Planned Behavior. Organizational Behavior and Human Decision Processes, 50(2), 179–211.CrossRef

Anderson, C. R. (1977). Locus of Control, Coping Behaviors, and Performance in a Stress Setting: A Longitudinal Study. Journal of Applied Psychology, 62(4), 446.CrossRef

Arshadi, N., & Damiri, H. (2013). The Relationship of Job Stress with Turnover Intention and Job Performance: Moderating Role of Obse. Procedia-Social and Behavioral Sciences, 84, 706–710.CrossRef

Barth, A., Mitchell, J., Datta, A., & Sundaram, S. (2007). Privacy and utility in business processes. In 20th IEEE Computer Security Foundations Symposium (CSF'07)(pp 279-294). IEEE

Baskerville, R., Spagnoletti, P., & Kim, J. (2014). Incident-Centered Information Security: Managing a Strategic Balance between Prevention and Response. Information & Management, 51(1), 138–151.CrossRef

Bauer, S., Bernroider, E. W., and Chudzikowski, K. (2017). Prevention Is Better Than Cure! Designing Information Security Awareness Programs to Overcome Users' Non-Compliance with Information Security Policies in Banks. Computers & Security (68) 145–159.

Beaudry, A. (2009). Coping with Information Technology, in Handbook of Research on Contemporary Theoretical Models in Information Systems. IGI Global, pp. 516–528.

Beaudry, A., and Pinsonneault, A. (2005). Understanding user responses to information technology: A coping model of user adaptaion. MIS Quarterly, 29(3), 493–524. https://doi.org/10.2307/25148693.

Bharosa, N., Lee, J., & Janssen, M. (2010). Challenges and Obstacles in Sharing and Coordinating Information During Multi-Agency Disaster Response: Propositions from Field Exercises. Information Systems Frontiers, 12(1), 49–65.CrossRef

Bido, D., da Silva, D., & Ringle, C. (2014). Structural Equation Modeling with the Smartpls. Brazilian Journal Of Marketing, 13(2). Retrieved October 19, 2015

Britt, T. W., Adler, A. B., & Bartone, P. T. (2001). Deriving Benefits from Stressful Events: The Role of Engagement in Meaningful Work and Hardiness. Journal of Occupational Health Psychology, 6(1), 53.CrossRef

Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010). Information Security Policy Compliance: An Empirical Study of Rationality-Based Beliefs and Information Security Awareness. MIS Quarterly, 34(3), 523–548.CrossRef

Carton, A. M. (2018). “I’m Not Mopping the Floors, I’m Putting a Man on the Moon”: How Nasa Leaders Enhanced the Meaningfulness of Work by Changing the Meaning of Work. Administrative Science Quarterly, 63(2), 323–369.CrossRef

Cascio, W. F. (2003). Changes in workers, work, and organizations. In W. C. Borman, D. R. Ilgen, & R. J. Klimoski (Eds.), Handbook of psychology: Industrial and organizational psychology (vol 12, pp 401–422). John Wiley & Sons Inc

Chakraborty, S., Raghavan, K. R., Johnson, M. P., & Srivastava, M. B. (2013). A framework for context-aware privacy of sensor data on mobile systems. In Proceedings of the 14th Workshop on Mobile Computing Systems and Applications (pp 1–6).

Chan, M., Woon, I., & Kankanhalli, A. (2005). Perceptions of Information Security in the Workplace: Linking Information Security Climate to Compliant Behavior. Journal of Information Privacy and Security, 1(3), 18–41.CrossRef

Charbonneau, D., Barling, J., & Kelloway, E. K. (2001). Transformational Leadership and Sports Performance: The Mediating Role of Intrinsic Motivation 1. Journal of Applied Social Psychology, 31(7), 1521–1534.CrossRef

Chen, Y., Ramamurthy, K., & Wen, K.-W. (2012). Organizations' Information Security Policy Compliance: Stick or Carrot Approach? Journal of Management Information Systems, 29(3), 157–188.CrossRef

Clarke, S. (2006). The relationship between safety climate and safety performance: a meta-analytic review. Journal of occupational health psychology, 11(4), 315

Cronin. Jr, J. & Taylor, Steve. (1992). Measuring service quality - a reexamination and extension. The Journal of Marketing, 56, 55–68. https://doi.org/10.2307/1252296.

Devitt, K. R., & Borodzicz, E. P. (2008). Interwoven Leadership: The Missing Link in Multi-Agency Major Incident Response. Journal of Contingencies and Crisis Management, 16(4), 208–216.CrossRef

Eppler, M. J., & Mengis, J. (2004). The Concept of Information Overload: A Review of Literature from Organization Science, Accounting, Marketing, Mis, and Related Disciplines. The Information Society, 20(5), 325–344.CrossRef

Erez, A., & Judge, T. A. (2001). Relationship of Core Self-Evaluations to Goal Setting, Motivation, and Performance. Journal of Applied Psychology, 86(6), 1270.CrossRef

Federal Emergency Management Agency. (2010). Developing and Maintaining Emergency Operations Plans. Federal Emergency Management Agency.

Federal Emergency Management Agency. (2018). Ics Review Document—Extracted from E/L/G 0300 Intermediate Incident Command System for Expanding Incidents, Ics 300.

Federal Emergency Management Agency. (2019). National Incident Management System. Federal Emergency Management Agency.

Fletcher, D., & Sarkar, M. (2013). Psychological Resilience: A Review and Critique of Definitions, Concepts, and Theory. European Psychologist, 18(1), 12.CrossRef

Goel, S. (2015). Anonymity vs. security: The right balance for the smart grid. Communications of the Association for Information Systems, 36(1), 2.

Hair Jr, J. F., Hult, G. T. M., Ringle, C. M., & Sarstedt, M. (2021). A primer on partial least squares structural equation modeling (PLS-SEM). Sage publications.

Hair, J. F., Ringle, C. M., & Sarstedt, M. (2011). PLS-SEM: Indeed a silver bullet. Journal of Marketing theory and Practice, 19(2), 139–152.

Halperin, D., Heydt-Benjamin, T. S., Fu, K., Kohno, T., & Maisel, W. H. (2008). Security and privacy for implantable medical devices. IEEE pervasive computing, 7(1), 30–39.

Hannah, S. T., Schaubroeck, J. M., & Peng, A. C. (2016). Transforming Followers’ Value Internalization and Role Self-Efficacy: Dual Processes Promoting Performance and Peer Norm-Enforcement. Journal of Applied Psychology, 101(2), 252.CrossRef

Herath, T., & Rao, H. R. (2009). Encouraging Information Security Behaviors in Organizations: Role of Penalties, Pressures and Perceived Effectiveness. Decision Support Systems, 47(2), 154–165.CrossRef

Herath, T., & Rao, H. R. (2009). Protection Motivation and Deterrence: A Framework for Security Policy Compliance in Organisations. European Journal of Information Systems, 18(2), 106–125.CrossRef

Hiller, M., Bone, E. A., & Timmins, M. L. (2015). Healthcare System Resiliency: The Case for Taking Disaster Plans Further—Part 2. Journal of Business Continuity & Emergency Planning, 8(4), 356–375.

Hobfoll, S. E. (1989). Conservation of Resources: A New Attempt at Conceptualizing Stress. American Psychologist, 44(3), 513.CrossRef

Hobfoll, S. E. (2002). Social and Psychological Resources and Adaptation. Review of General Psychology, 6(4), 307–324.CrossRef

Hove, C., Tårnes, M., Line, M. B., and Bernsmed, K. (2014). Information Security Incident Management: Identified Practice in Large Organizations, 2014 Eighth international conference on IT security incident management & IT forensics: IEEE, pp. 27–46.

Hu, Q., Dinev, T., Hart, P., & Cooke, D. (2012). Managing Employee Compliance with Information Security Policies: The Critical Role of Top Management and Organizational Culture. Decision Sciences, 43(4), 615–660.CrossRef

Ifinedo, P. (2012). Understanding Information Systems Security Policy Compliance: An Integration of the Theory of Planned Behavior and the Protection Motivation Theory. Computers & Security, 31(1), 83–95.CrossRef

Ifinedo, P. (2014). Information Systems Security Policy Compliance: An Empirical Study of the Effects of Socialisation, Influence, and Cognition. Information & Management, 51(1), 69–79.CrossRef

Järveläinen, J. (2013). It Incidents and Business Impacts: Validating a Framework for Continuity Management in Information Systems. International Journal of Information Management, 33(3), 583–590.CrossRef

Johnston, A. C. & Warkentin, M. (2010). Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 34(3), 549–566.

Kam, H.-J., Mattson, T., & Goel, S. (2020). A Cross Industry Study of Institutional Pressures on Organizational Effort to Raise Information Security Awareness. Information Systems Frontiers, 22(5), 1241–1264.CrossRef

Kaplan, R. E., & Kaiser, R. B. (2009). Stop Overdoing Your Strengths. Harvard Business Review, 87(2), 100–103.

Karimi, R., & Alipour, F. (2011). Reduce Job Stress in Organizations: Role of Locus of Control. International Journal of Business and Social Science, 2(18), 232–236.

Kweon, E., Lee, H., Chai, S., & Yoo, K. (2021). The Utility of Information Security Training and Education on Cybersecurity Incidents: An Empirical Evidence. Information Systems Frontiers, 23(2), 361–373.CrossRef

Liang, H., & Xue, Y. (2009). Avoidance of information technology threats: A theoretical perspective. MIS Quarterly, 33, 71–90. https://doi.org/10.2307/20650279

Lowe, K. B., Kroeck, K. G., & Sivasubramaniam, N. (1996). Effectiveness correlates of transformational and transactional leadership: A meta-analytic review of the MLQ literature. The leadership quarterly, 7(3), 385–425.CrossRef

MacKenzie, S. B., Podsakoff, P. M., & Rich, G. A. (2001). Transformational and Transactional Leadership and Salesperson Performance. Journal of the Academy of Marketing Science, 29(2), 115–134.CrossRef

Maslach, C., Schaufeli, W. B., & Leiter, M. P. (2001). Job Burnout. Annual Review of Psychology, 52(1), 397–422.CrossRef

McCurdy, D. W. (2006). Using anthropology. Conformity and conflict (12th ed., pp 422–435). Allyn and Bacon Publishers

Mitchell, M. S., Greenbaum, R. L., Vogel, R. M., Mawritz, M. B., & Keating, D. J. (2019). Can You Handle the Pressure? The Effect of Performance Pressure on Stress Appraisals, Self-Regulation, and Behavior. Academy of Management Journal, 62(2), 531–552.CrossRef

Mitropoulos, S., Patsos, D., & Douligeris, C. (2006). On Incident Handling and Response: A State-of-the-Art Approach. Computers & Security, 25(5), 351–370.CrossRef

Morgeson, F. P., Garza, A. S., & Campion, M. A. (2012). Work design. Handbook of Psychology (2nd ed., vol 12, pp 318–327).

Morrison, J. L., Titi Oladunjouye, G., & Dembry, D. (2014). An assessment of Ceo oversight of natural disaster preparedness. International Journal of Business & Public Administration, 11(1), 66–81.

Muniz, J., Albert, M., & O’Guinn, T. C. (2001). Brand Community. Journal of Consumer Research, 27(4), 412–432.CrossRef

Ng, T. W., Sorensen, K. L., & Eby, L. T. (2006). Locus of Control at Work: A Meta-Analysis. Journal of Organizational Behavior: The International Journal of Industrial, Occupational and Organizational Psychology and Behavior, 27(8), 1057–1087.CrossRef

Ong, A. D., Bergeman, C. S., Bisconti, T. L., & Wallace, K. A. (2006). Psychological Resilience, Positive Emotions, and Successful Adaptation to Stress in Later Life. Journal of personality and social psychology, 91(4), 730.CrossRef

Pahnila, S., Siponen, M., and Mahmood, A. (2007). "Employees' Behavior Towards Is Security Policy Compliance," 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07): IEEE, pp. 156b-156b.

Paton, D., Smith, L., & Violanti, J. (2000). Disaster Response: Risk, Vulnerability and Resilience. Disaster Prevention and Management: An International Journal, 9(3), 173–180.CrossRef

Pierce, J. R., & Aguinis, H. (2013). The Too-Much-of-a-Good-Thing Effect in Management. Journal of Management, 39(2), 313–338.CrossRef

Podsakoff, P. M., MacKenzie, S. B., Lee, J. Y., & Podsakoff, N. P. (2003). Common method biases in behavioral research: a critical review of the literature and recommended remedies. Journal of applied psychology, 88(5), 879.

Puhakainen, P., and Siponen, M. (2010). Improving Employees' Compliance through Information Systems Security Training: An Action Research Study. Mis Quarterly. 757–778.

Rainie, L., & Duggan, M. (2016). Privacy and information sharing. Available at https://www.pewresearch.org/internet/2016/01/14/privacy-and-information-sharing/

Ringle, C. M., Wende, S., & Becker, J. M. (2014). SmartPLS 3. Hamburg: SmartPLS. Academy of Management Review, 9, 419–445.

Roberts, P. (2006). Fema after Katrina. Policy Review, 137(June&July), 15–33.

Rosso, B. D., Dekas, K. H., & Wrzesniewski, A. (2010). On the Meaning of Work: A Theoretical Integration and Review. Research in Organizational Behavior, 30, 91–127.CrossRef

Safa, N. S., Von Solms, R., and Furnell, S. (2016). Information Security Policy Compliance Model in Organizations. Computers & Security (56):70–82.

Sankar, L., Rajagopalan, S. R., & Poor, H. V. (2013). Utility-privacy tradeoffs in databases: An information-theoretic approach. IEEE Transactions on Information Forensics and Security, 8(6), 838–852.

Scarinci, C. A. (2014). Contingency Planning and Disaster Recovery after Hurricane Sandy. The CPA Journal, 84(6), 60.

Shin, J., & Grant, A. M. (2019). Bored by Interest: How Intrinsic Motivation in One Task Can Reduce Performance on Other Tasks. Academy of Management Journal, 62(2), 415–436.CrossRef

Siponen, M., Mahmood, M. A., & Pahnila, S. (2014). Employees’ Adherence to Information Security Policies: An Exploratory Field Study. Information & Management, 51(2), 217–224.CrossRef

Smith, B. W., Dalen, J., Wiggins, K., Tooley, E., Christopher, P., & Bernard, J. (2008). The Brief Resilience Scale: Assessing the Ability to Bounce Back. International Journal of Behavioral Medicine, 15(3), 194–200.CrossRef

Spector, P. E. (1982). Behavior in Organizations as a Function of Employee's Locus of Control. Psychological Bulletin, 91(3), 482.CrossRef

Spreitzer, G. M. (1995). Psychological Empowerment in the Workplace: Dimensions, Measurement, and Validation. Academy of Management Journal, 38(5), 1442–1465.CrossRef

Tene, O., & Polonetsky, J. (2012). Big data for all: Privacy and user control in the age of analytics. Nw J Tech & Intell Prop, 11, xxvii.

Tenenhaus, M., Vinzi, V. E., Chatelin, Y. M., & Lauro, C. (2005). PLS path modeling. Computational statistics & data analysis, 48(1), 159–205.

Tøndel, I. A., Line, M. B., & Jaatun, M. G. (2014). Information Security Incident Management: Current Practice as Reported in the Literature. Computers & Security, 45, 42–57.CrossRef

Trang, S., & Brendel, B. (2019). A Meta-Analysis of Deterrence Theory in Information Security Policy Compliance Research. Information Systems Frontiers, 21(6), 1265–1284.CrossRef

Treglown, L., Palaiou, K., Zarola, A., & Furnham, A. (2016). The Dark Side of Resilience and Burnout: A Moderation-Mediation Model. PLoS One1, 11(6), e0156279.CrossRef

Vance, A., Siponen, M., & Pahnila, S. (2012). Motivating Is Security Compliance: Insights from Habit and Protection Motivation Theory. Information & Management, 49(3), 190–198.CrossRef

Wall, J. D., Palvia, P., & Lowry, P. B. (2013). Control-Related Motivations and Information Security Policy Compliance: The Role of Autonomy and Efficacy. Journal of Information Privacy and Security, 9(4), 52–79.CrossRef

Whiteoak, J. W., & Mohamed, S. (2016). Employee engagement, boredom and frontline construction workers feeling safe in their workplace. Accident Analysis & Prevention, 93, 291–298.

Williams, T. A., Gruber, D. A., Sutcliffe, K. M., Shepherd, D. A., & Zhao, E. Y. (2017). Organizational Response to Adversity: Fusing Crisis Management and Resilience Research Streams. Academy of Management Annals, 11(2), 733–769.CrossRef

Wu, F. T. (2013). Defining privacy and utility in data sets. U Colo L Rev, 84, 1117.

Yang, C.-G., & Lee, H.-J. (2016). A Study on the Antecedents of Healthcare Information Protection Intention. Information Systems Frontiers, 18(2), 253–263.CrossRef

Titel: An Investigation of the Factors that Influence Job Performance During Extreme Events: The Role of Information Security Policies
verfasst von: Victoria Kisekka
Sanjay Goel
Publikationsdatum: 01.06.2022
Verlag: Springer US
Erschienen in: Information Systems Frontiers / Ausgabe 4/2023
Print ISSN: 1387-3326
Elektronische ISSN: 1572-9419
DOI: https://doi.org/10.1007/s10796-022-10281-6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 4/2023

Organizational Capabilities for AI Implementation—Coping with Inscrutability and Data Dependency in AI

The Role of Sentiment Tendency in Affecting Review Helpfulness for Durable Products: Nonlinearity and Complementarity

Facilitators and Barriers of Artificial Intelligence Adoption in Business – Insights from Opinions Using Big Data Analytics

Visual Analytics: Transferring, Translating and Transforming Knowledge from Analytics Experts to Non-technical Domain Experts in Multidisciplinary Teams

How to Maximize Clicks for Display Advertisement in Digital Marketing? A Reinforcement Learning Approach

Why Organizations Fail in Implementing Enterprise Architecture Initiatives?

Premium Partner